Changeset 279


Timestamp:
Jun 17, 2013, 11:10:00 AM (8 years ago)
Author:
david.vanenckevort@…
Message:
Location:
trunk/php-lib/src/FGWeb
Files:
4 edited

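--- a/trunk/php-lib/src/FGWeb/Config/Db.php
+++ b/trunk/php-lib/src/FGWeb/Config/Db.php
@@ -25,38 +25,33 @@
 
     $DB_QUERIES['GROUP_ACL'] = 'SELECT count(g.id)
-                                    FROM group_acls AS ga
-                                    INNER JOIN groups AS g ON ga.group_id = g.id
-                                    INNER JOIN modules AS m ON ga.module_id = m.id
-                                    WHERE m.name = :module AND g.name = :group LIMIT 1';
+                                     FROM group_acls AS ga
+                                     INNER JOIN groups AS g ON ga.group_id = g.id
+                                     INNER JOIN modules AS m ON ga.module_id = m.id
+                                     WHERE m.name = :module AND g.name = :group LIMIT 1';
 
     $DB_QUERIES['ADD_GROUP_ACL'] = 'INSERT INTO group_acls(module_id, group_id) VALUES(:module, :group)';
-    $DB_QUERIES['USER_ACL'] =
-            'SELECT count(u.id)
- FROM user_acls AS ua
- INNER JOIN users AS u ON ua.user_id = u.id
- INNER JOIN modules AS m ON ua.module_id = m.id
- WHERE m.name = :module AND u.name = :user LIMIT 1';
-    $DB_QUERIES['GROUP_MEMBERSHIP'] =
-            'SELECT g.name AS name, g.id AS id
- FROM groups AS g
- INNER JOIN group_membership AS gm ON g.id = gm.group_id
- INNER JOIN users AS u on u.id = gm.user_id
- WHERE u.name = :user';
-    $DB_QUERIES['USER_DETAILS'] =
-            'SELECT u.name AS name, u.password AS password, u.enabled AS enabled, u.id AS id
- FROM users AS u
- WHERE u.name = :user';
-    $DB_QUERIES['USER_ROLES'] =
-            'SELECT r.name AS name, r.id AS id
- FROM users AS u
- INNER JOIN user_roles AS ur ON ur.user_id = u.id
- INNER JOIN roles AS r ON r.id = ur.role_id
- WHERE u.name = :user';
-    $DB_QUERIES['GROUP_ROLES'] =
-            'SELECT r.name AS name, r.id AS id
- FROM groups AS g
- INNER JOIN group_roles AS gr ON gr.group_id = g.id
- INNER JOIN roles AS r ON r.id = gr.role_id
- WHERE g.name = :group';
+    $DB_QUERIES['USER_ACL'] = 'SELECT count(u.id)
+                                     FROM user_acls AS ua
+                                     INNER JOIN users AS u ON ua.user_id = u.id
+                                     INNER JOIN modules AS m ON ua.module_id = m.id
+                                     WHERE m.name = :module AND u.name = :user LIMIT 1';
+    $DB_QUERIES['GROUP_MEMBERSHIP'] = 'SELECT g.name AS name, g.id AS id
+                                     FROM groups AS g
+                                     INNER JOIN group_membership AS gm ON g.id = gm.group_id
+                                     INNER JOIN users AS u on u.id = gm.user_id
+                                     WHERE u.name = :user';
+    $DB_QUERIES['USER_DETAILS'] = 'SELECT u.name AS name, u.password AS password, u.enabled AS enabled, u.id AS id
+                                     FROM users AS u
+                                     WHERE u.name = :user';
+    $DB_QUERIES['USER_ROLES'] = 'SELECT r.name AS name, r.id AS id
+                                     FROM users AS u
+                                     INNER JOIN user_roles AS ur ON ur.user_id = u.id
+                                     INNER JOIN roles AS r ON r.id = ur.role_id
+                                     WHERE u.name = :user';
+    $DB_QUERIES['GROUP_ROLES'] = 'SELECT r.name AS name, r.id AS id
+                                     FROM groups AS g
+                                     INNER JOIN group_roles AS gr ON gr.group_id = g.id
+                                     INNER JOIN roles AS r ON r.id = gr.role_id
+                                     WHERE g.name = :group';
     $DB_QUERIES['USERS'] = 'SELECT id, name, password, enabled FROM users';
     $DB_QUERIES['GROUPS'] = 'SELECT id, name FROM groups';
@@ -83,4 +78,8 @@
     $DB_QUERIES['CREATE_MODULE'] = 'INSERT INTO modules(name) VALUES (:name)';
     $DB_QUERIES['TABLE_EXISTS'] = 'SELECT 1 FROM :table LIMIT 1';
+    $DB_QUERIES['GROUP_ACLS'] = 'SELECT groups.id as group_id, groups.name as group_name, modules.id as module_id, modules.name as module_name
+                                    FROM group_acls
+                                    INNER JOIN groups on groups.id = group_id
+                                    INNER JOIN modules on modules.id = module_id';
     return $DB_QUERIES;
 }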
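Review bot: The new `GROUP_ACLS` query joins on bare `group_id` and `module_id`, while the other queries in this file alias their tables and qualify every column. Writing the joins as `INNER JOIN groups AS g ON ga.group_id = g.id` and `INNER JOIN modules AS m ON ga.module_id = m.id` (with `FROM group_acls AS ga`) keeps the style consistent and stops a later same-named column on `groups` or `modules` from making the reference ambiguous. The query also has no `ORDER BY`, so anything that lists ACLs from it gets rows in whatever order the database returns them.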
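--- a/trunk/php-lib/src/FGWeb/DAO/DAO.php
+++ b/trunk/php-lib/src/FGWeb/DAO/DAO.php
@@ -1028,4 +1028,35 @@
 
     /**
+     * @return mixed false if it fails, or an associative array of Modules and Groups
+     */
+    public function get_group_acls() {
+        try {
+            $stmt = $this->get_prepared_statement('GROUP_ACLS');
+            $result = $stmt->execute();
+
+            if ($this->is_sql_error($result, $stmt, __METHOD__)) {
+                $stmt->closeCursor();
+                throw new PDOException('Database error in ' . __METHOD__ . ' ' . print_r($stmt->errorinfo(), true));
+            }
+
+            $acls = array();
+            while ($res = $stmt->fetch(PDO::FETCH_ASSOC)) {
+                $group = new Group();
+                $group->set_name($res['group_name']);
+                $group->set_id($res['group_id']);
+                $module = new Module();
+                $module->set_name($res['module_name']);
+                $module->set_id($res['module_id']);
+                $acls[] = array('module' => $module, 'group' => $group);
+            }
+            $stmt->closeCursor();
+
+        } catch (Exception $ex) {
+            $this->LOG-err('Failed to query group acls: '.$ex->getMessage());
+            return false;
+        }
+        return $acls;
+    }
+    /**
      * Log the given exception and rollback the transaction.
      * @param PDOException $ex the exception to be logged.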
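Review bot: In the catch block of `get_group_acls()` (new line 1055), `$this->LOG-err(...)` is parsed as `$this->LOG` minus a call to a global function `err()`, not as a method call. Unless such a function happens to exist, the error path will fail with an undefined-function error instead of logging and returning false; the line should read `$this->LOG->err('Failed to query group acls: ' . $ex->getMessage());`. The same typo is in the InitDb.php section at new line 97. Separately, the exception message embeds `print_r($stmt->errorinfo(), true)` after `closeCursor()` has already been called, so it is worth confirming the driver still reports the error at that point and that this text only ever reaches the log.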
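--- a/trunk/php-lib/src/FGWeb/InitDb.php
+++ b/trunk/php-lib/src/FGWeb/InitDb.php
@@ -93,4 +93,8 @@
 
         try {
+            $AnyModule = new Module();
+            $AnyModule->set_name('*');
+            $this->DAO->create_module($AnyModule) ? $AnyModule = $this->DAO->get_module($AnyModule) : $this->LOG-err("was unable to create the module: $AnyModule");
+
             $UserModule = new Module();
             $UserModule->set_name('example1');
@@ -133,5 +137,6 @@
             // create group ACLs
             $this->DAO->add_group_acl($UserModule, $UserGroup);
-            $this->DAO->add_group_acl($AdminModule, $AdminGroup);
+            $this->DAO->add_group_acl($AdminModule, $UserGroup);
+            $this->DAO->add_group_acl($AnyModule, $AdminGroup);
 
             // add some users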
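Review bot: The seed ACLs at new lines 139–140 now grant `$AdminModule` to `$UserGroup`, replacing the grant to `$AdminGroup`. If the variable names mean what they suggest, every member of the user group gets the admin module in a freshly initialised database. If that is deliberate for the example data, a comment such as `// example only: user group may also open the admin module` would make it clear; otherwise keep `$this->DAO->add_group_acl($AdminModule, $AdminGroup);` and add only the `$AnyModule` line. The ternary used as a statement on new line 97 would read more clearly as an `if`/`else`, and its message interpolates `$AnyModule`, which only works if `Module` is string-convertible (not visible here); logging the literal `'*'` avoids that dependency.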
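--- a/trunk/php-lib/src/FGWeb/LoginService.php
+++ b/trunk/php-lib/src/FGWeb/LoginService.php
@@ -458,9 +458,17 @@
         }
 
+        // Check if there is a star-rule that gives the user access
+        $star = new Module();
+        $star->set_name("*");
+        if ($this->DAO->has_module_user_acl($star, $user)) {
+            return true;
+        }
+
         $groups = $this->DAO->get_group_membership($user);
 
         // Check access based on group ACLs
         foreach ($groups as $group) {
-            if ($this->DAO->has_module_group_acl($module, $group)) {
+            if ($this->DAO->has_module_group_acl($star, $group)
+               || $this->DAO->has_module_group_acl($module, $group)) {
                 return true;
             }
@@ -588,4 +596,11 @@
 
     /**
+     * Get the ACLs defined in the system.
+     * @return array of ACLs
+     */
+    public function get_group_acls() {
+        return $this->DAO->get_group_acls();
+    }
+    /**
      * Register the user in the session.
      * @param User $user the user that logged in.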
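Review bot: The star rule at new lines 460–465 and 471 turns an ordinary `modules` row named `*` into a grant for every module, and nothing visible in this change reserves that name. Any path that can create a module or attach an ACL to it therefore decides access to the whole application, so consider rejecting `*` wherever modules are created from outside input (that code is outside this hunk). Defining the wildcard once as a class constant instead of repeating the literal `"*"` here and in InitDb.php would also help. The enclosing access-check method starts and ends outside the hunk, so whatever runs before line 458 could not be checked. In the second hunk the docblock on `get_group_acls()` promises an array, but the DAO method it forwards to returns false on failure; the tag should be `@return array|false` so callers test for it.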