--- /dev/null
+<?php
+/**
+ * The Horde_Perms_Datatree:: class provides a DataTree driver for the Horde
+ * permissions system.
+ *
+ * Copyright 2001-2010 The Horde Project (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (LGPL). If you
+ * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
+ *
+ * @author Chuck Hagenbuch <chuck@horde.org>
+ * @author Jan Schneider <jan@horde.org>
+ * @category Horde
+ * @package Horde_Perms
+ */
+class Horde_Perms_Datatree extends Horde_Perms
+{
+ /**
+ * Pointer to a DataTree instance to manage the different permissions.
+ *
+ * @var DataTree
+ */
+ protected $_datatree;
+
+ /**
+ * Incrementing version number if cached classes change.
+ *
+ * @var integer
+ */
+ private $_cacheVersion = 2;
+
+ /**
+ * Cache for getPermission().
+ *
+ * @var array
+ */
+ protected $_permsCache = array();
+
+ /**
+ * Constructor.
+ *
+ * @param array $params Configuration parameters (in addition to base
+ * Horde_Perms parameters):
+ * <pre>
+ * 'datatree' - (DataTree) A datatree object. [REQUIRED]
+ * </pre>
+ *
+ * @throws Horde_Perms_Exception
+ */
+ public function __construct($params = array())
+ {
+ if (empty($params['datatree'])) {
+ throw new Horde_Perms_Exception('You must configure a DataTree backend.');
+ }
+
+ $this->_datatree = $params['datatree'];
+
+ parent::__construct($params);
+ }
+
+ /**
+ * Returns a new permissions object.
+ *
+ * @param string $name The permission's name.
+ *
+ * @return DataTreeObject_Permissions A new permissions object.
+ */
+ public function newPermission($name)
+ {
+ $type = 'matrix';
+ $params = null;
+
+ if ($pos = strpos($name, ':')) {
+ try {
+ $info = $this->getApplicationPermissions(substr($name, 0, $pos));
+ if (isset($info['type']) && isset($info['type'][$name])) {
+ $type = $info['type'][$name];
+ }
+
+ if (isset($info['params']) && isset($info['params'][$name])) {
+ $params = $info['params'][$name];
+ }
+ } catch (Horde_Perms_Exception $e) {}
+ }
+
+ $perm = new Horde_Perms_Permission_DataTreeObject($name, $this->_cacheVersion, $type, $params);
+ $perm->setCacheOb($this->_cache);
+ $perm->setDataTree($this->_datatree);
+
+ return $perm;
+ }
+
+ /**
+ * Returns a permission object corresponding to the named permission,
+ * with the users and other data retrieved appropriately.
+ *
+ * @param string $name The name of the permission to retrieve.
+ *
+ * @return TODO
+ */
+ public function getPermission($name)
+ {
+ if (isset($this->_permsCache[$name])) {
+ return $this->_permsCache[$name];
+ }
+
+ $perm = $this->_cache->get('perm_' . $this->_cacheVersion . $name, $GLOBALS['conf']['cache']['default_lifetime']);
+ if ($perm === false) {
+ $perm = $this->_datatree->getObject($name, 'Horde_Perms_Permission_DataTreeObject');
+ $perm->setCacheVersion($this->_cacheVersion);
+ $this->_cache->set('perm_' . $this->_cacheVersion . $name, serialize($perm), $GLOBALS['conf']['cache']['default_lifetime']);
+ $this->_permsCache[$name] = $perm;
+ } else {
+ $this->_permsCache[$name] = unserialize($perm);
+ }
+
+ $this->_permsCache[$name]->setCacheOb($this->_cache);
+ $this->_permsCache[$name]->setDataTree($this->_datatree);
+
+ return $this->_permsCache[$name];
+ }
+
+ /**
+ * Returns a permission object corresponding to the given unique ID,
+ * with the users and other data retrieved appropriately.
+ *
+ * @param integer $cid The unique ID of the permission to retrieve.
+ */
+ public function getPermissionById($cid)
+ {
+ if ($cid == Horde_Perms::ROOT) {
+ return $this->newPermission(Horde_Perms::ROOT);
+ }
+ $perm = $this->_datatree->getObjectById($cid, 'Horde_Perms_Permission_DataTreeObject');
+ $perm->setCacheVersion($this->_cacheVersion);
+ return $perm;
+ }
+
+ /**
+ * Adds a permission to the permissions system. The permission must first
+ * be created with newPermission(), and have any initial users added to
+ * it, before this function is called.
+ *
+ * @param Horde_Perms_Permission_DataTreeObject $perm The new perm
+ * object.
+ * @throws Horde_Perms_Exception
+ */
+ public function addPermission(Horde_Perms_Permission_DataTreeObject $perm)
+ {
+ $name = $perm->getName();
+ if (empty($name)) {
+ throw Horde_Perms_Exception('Permission names must be non-empty.');
+ }
+ $this->_cache->expire('perm_' . $this->_cacheVersion . $name);
+ $this->_cache->expire('perm_exists_' . $this->_cacheVersion . $name);
+
+ return $this->_datatree->add($perm);
+ }
+
+ /**
+ * Removes a permission from the permissions system permanently.
+ *
+ * @param Horde_Perms_Permission_DataTreeObject $perm The permission to
+ * remove.
+ * @param boolean $force Force to remove
+ * every child.
+ */
+ public function removePermission(Horde_Perms_Permission_DataTreeObject $perm, $force = false)
+ {
+ $keys = $this->_datatree->get(DATATREE_FORMAT_FLAT, $perm->name, true);
+ foreach ($keys as $key) {
+ $this->_cache->expire('perm_' . $this->_cacheVersion . $key);
+ $this->_cache->expire('perm_exists_' . $this->_cacheVersion . $key);
+ }
+
+ return $this->_datatree->remove($perm->name, $force);
+ }
+
+ /**
+ * Returns the unique identifier of this permission.
+ *
+ * @param Horde_Perms_Permission_DataTreeObject $perm The permission
+ * object to get the
+ * ID of.
+ *
+ * @return integer The unique id.
+ */
+ public function getPermissionId($permission)
+ {
+ return $this->_datatree->getId($permission->getName());
+ }
+
+ /**
+ * Checks if a permission exists in the system.
+ *
+ * @param string $permission The permission to check.
+ *
+ * @return boolean True if the permission exists.
+ */
+ public function exists($permission)
+ {
+ $key = 'perm_exists_' . $this->_cacheVersion . $permission;
+ $exists = $this->_cache->get($key, $GLOBALS['conf']['cache']['default_lifetime']);
+ if ($exists === false) {
+ $exists = $this->_datatree->exists($permission);
+ $this->_cache->set($key, (string)$exists);
+ }
+
+ return (bool)$exists;
+ }
+
+ /**
+ * Returns a list of parent permissions.
+ *
+ * @param string $child The name of the child to retrieve parents for.
+ *
+ * @return array A hash with all parents in a tree format.
+ */
+ public function getParents($child)
+ {
+ return $this->_datatree->getParents($child);
+ }
+
+ /**
+ * Returns a child's direct parent ID.
+ *
+ * @param mixed $child Either the object, an array containing the
+ * path elements, or the object name for which
+ * to look up the parent's ID.
+ *
+ * @return mixed The unique ID of the parent or PEAR_Error on error.
+ */
+ public function getParent($child)
+ {
+ return $this->_datatree->getParent($child);
+ }
+
+ /**
+ * Returns all permissions of the system in a tree format.
+ *
+ * @return array A hash with all permissions in a tree format.
+ */
+ public function getTree()
+ {
+ return $this->_datatree->get(DATATREE_FORMAT_FLAT, Horde_Perms::ROOT, true);
+ }
+
+}
--- /dev/null
+<?php
+/**
+ * Extension of the DataTreeObject class for storing Permission information in
+ * the DataTree driver. If you want to store specialized Permission
+ * information, you should extend this class instead of extending
+ * DataTreeObject directly.
+ *
+ * @TODO This class duplicates most of the functionality of the
+ * Horde_Permission class. However, because for BC/DataTree reasons it
+ * must extend DataTreeObject, we can't remove these methods yet.
+ *
+ * @author Chuck Hagenbuch <chuck@horde.org>
+ * @author Jan Schneider <jan@horde.org>
+ * @category Horde
+ * @package Horde_Perms
+ */
+class Horde_Perms_Permission_DataTreeObject extends DataTreeObject
+{
+ /**
+ * Cache object.
+ *
+ * @var Horde_Cache
+ */
+ protected $_cache;
+
+ /**
+ * Constructor. Just makes sure to call the parent constructor so that
+ * the perm's name is set properly.
+ *
+ * @param string $name The name of the perm.
+ * @param string $type The permission type.
+ * @param array $params A hash with any parameters that the permission
+ * type needs.
+ */
+ public function __construct($name, $type = 'matrix', $params = null)
+ {
+ parent::DataTreeObject($name);
+
+ $this->data['type'] = $type;
+ if (is_array($params)) {
+ $this->data['params'] = $params;
+ }
+ }
+
+ /**
+ * Don't store cache object on serialize().
+ *
+ * @return array List of variables to serialize.
+ */
+ public function __sleep()
+ {
+ return array_diff(array_keys(get_class_vars(__CLASS__)), array('_cache'));
+ }
+
+ /**
+ * Sets the cache instance in the object.
+ *
+ * @param Horde_Cache $cache The cache object.
+ */
+ public function setCacheOb(Horde_Cache $cache)
+ {
+ $this->_cache = $cache;
+ }
+
+ /**
+ * Gets one of the attributes of the object, or null if it isn't defined.
+ *
+ * @param string $attribute The attribute to get.
+ *
+ * @return mixed The value of the attribute, or null.
+ */
+ public function get($attribute)
+ {
+ $value = parent::get($attribute);
+
+ return (is_null($value) && $attribute == 'type')
+ ? 'matrix'
+ : $value;
+ }
+
+ /**
+ * Updates the permissions based on data passed in the array.
+ *
+ * @param array $perms An array containing the permissions which are to
+ * be updated.
+ */
+ public function updatePermissions($perms)
+ {
+ $type = $this->get('type');
+
+ if ($type == 'matrix') {
+ /* Array of permission types to iterate through. */
+ $perm_types = Horde_Perms::getPermsArray();
+ }
+
+ foreach ($perms as $perm_class => $perm_values) {
+ switch ($perm_class) {
+ case 'default':
+ case 'guest':
+ case 'creator':
+ if ($type == 'matrix') {
+ foreach ($perm_types as $val => $label) {
+ if (!empty($perm_values[$val])) {
+ $this->setPerm($perm_class, $val, false);
+ } else {
+ $this->unsetPerm($perm_class, $val, false);
+ }
+ }
+ } elseif (!empty($perm_values)) {
+ $this->setPerm($perm_class, $perm_values, false);
+ } else {
+ $this->unsetPerm($perm_class, null, false);
+ }
+ break;
+
+ case 'u':
+ case 'g':
+ $permId = array('class' => $perm_class == 'u' ? 'users' : 'groups');
+ /* Figure out what names that are stored in this permission
+ * class have not been submitted for an update, ie. have been
+ * removed entirely. */
+ $current_names = isset($this->data[$permId['class']])
+ ? array_keys($this->data[$permId['class']])
+ : array();
+ $updated_names = array_keys($perm_values);
+ $removed_names = array_diff($current_names, $updated_names);
+
+ /* Remove any names that have been completely unset. */
+ foreach ($removed_names as $name) {
+ unset($this->data[$permId['class']][$name]);
+ }
+
+ /* If nothing to actually update finish with this case. */
+ if (is_null($perm_values)) {
+ continue;
+ }
+
+ /* Loop through the names and update permissions for each. */
+ foreach ($perm_values as $name => $name_values) {
+ $permId['name'] = $name;
+
+ if ($type == 'matrix') {
+ foreach ($perm_types as $val => $label) {
+ if (!empty($name_values[$val])) {
+ $this->setPerm($permId, $val, false);
+ } else {
+ $this->unsetPerm($permId, $val, false);
+ }
+ }
+ } elseif (!empty($name_values)) {
+ $this->setPerm($permId, $name_values, false);
+ } else {
+ $this->unsetPerm($permId, null, false);
+ }
+ }
+ break;
+ }
+ }
+ }
+
+ /**
+ * TODO
+ */
+ public function setPerm($permId, $permission, $update = true)
+ {
+ if (is_array($permId)) {
+ if (empty($permId['name'])) {
+ return;
+ }
+ if ($this->get('type') == 'matrix' &&
+ isset($this->data[$permId['class']][$permId['name']])) {
+ $this->data[$permId['class']][$permId['name']] |= $permission;
+ } else {
+ $this->data[$permId['class']][$permId['name']] = $permission;
+ }
+ } else {
+ if ($this->get('type') == 'matrix' &&
+ isset($this->data[$permId])) {
+ $this->data[$permId] |= $permission;
+ } else {
+ $this->data[$permId] = $permission;
+ }
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * TODO
+ */
+ public function unsetPerm($permId, $permission, $update = true)
+ {
+ if (is_array($permId)) {
+ if (empty($permId['name'])) {
+ return;
+ }
+ if ($this->get('type') == 'matrix') {
+ if (isset($this->data[$permId['class']][$permId['name']])) {
+ $this->data[$permId['class']][$permId['name']] &= ~$permission;
+ if (empty($this->data[$permId['class']][$permId['name']])) {
+ unset($this->data[$permId['class']][$permId['name']]);
+ }
+ if ($update) {
+ $this->save();
+ }
+ }
+ } else {
+ unset($this->data[$permId['class']][$permId['name']]);
+ if ($update) {
+ $this->save();
+ }
+ }
+ } else {
+ if ($this->get('type') == 'matrix') {
+ if (isset($this->data[$permId])) {
+ $this->data[$permId] &= ~$permission;
+ if ($update) {
+ $this->save();
+ }
+ }
+ } else {
+ unset($this->data[$permId]);
+ if ($update) {
+ $this->save();
+ }
+ }
+ }
+ }
+
+ /**
+ * Grants a user additional permissions to this object.
+ *
+ * @param string $user The user to grant additional permissions
+ * to.
+ * @param integer $permission The permission (DELETE, etc.) to add.
+ * @param boolean $update Whether to automatically update the
+ * backend.
+ */
+ public function addUserPermission($user, $permission, $update = true)
+ {
+ if (empty($user)) {
+ return;
+ }
+
+ if ($this->get('type') == 'matrix' &&
+ isset($this->data['users'][$user])) {
+ $this->data['users'][$user] |= $permission;
+ } else {
+ $this->data['users'][$user] = $permission;
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * Grants guests additional permissions to this object.
+ *
+ * @param integer $permission The permission (DELETE, etc.) to add.
+ * @param boolean $update Whether to automatically update the
+ * backend.
+ */
+ public function addGuestPermission($permission, $update = true)
+ {
+ if ($this->get('type') == 'matrix' &&
+ isset($this->data['guest'])) {
+ $this->data['guest'] |= $permission;
+ } else {
+ $this->data['guest'] = $permission;
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * Grants creators additional permissions to this object.
+ *
+ * @param integer $permission The permission (DELETE, etc.) to add.
+ * @param boolean $update Whether to automatically update the
+ * backend.
+ */
+ public function addCreatorPermission($permission, $update = true)
+ {
+ if ($this->get('type') == 'matrix' &&
+ isset($this->data['creator'])) {
+ $this->data['creator'] |= $permission;
+ } else {
+ $this->data['creator'] = $permission;
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * Grants additional default permissions to this object.
+ *
+ * @param integer $permission The permission (DELETE, etc.) to add.
+ * @param boolean $update Whether to automatically update the
+ * backend.
+ */
+ public function addDefaultPermission($permission, $update = true)
+ {
+ if ($this->get('type') == 'matrix' &&
+ isset($this->data['default'])) {
+ $this->data['default'] |= $permission;
+ } else {
+ $this->data['default'] = $permission;
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * Grants a group additional permissions to this object.
+ *
+ * @param integer $groupId The id of the group to grant additional
+ * permissions to.
+ * @param integer $permission The permission (DELETE, etc.) to add.
+ * @param boolean $update Whether to automatically update the
+ * backend.
+ */
+ public function addGroupPermission($groupId, $permission, $update = true)
+ {
+ if (empty($groupId)) {
+ return;
+ }
+
+ if ($this->get('type') == 'matrix' &&
+ isset($this->data['groups'][$groupId])) {
+ $this->data['groups'][$groupId] |= $permission;
+ } else {
+ $this->data['groups'][$groupId] = $permission;
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * Removes a permission that a user currently has on this object.
+ *
+ * @param string $user The user to remove the permission from.
+ * @param integer $permission The permission (DELETE, etc.) to
+ * remove.
+ * @param boolean $update Whether to automatically update the
+ * backend.
+ */
+ public function removeUserPermission($user, $permission, $update = true)
+ {
+ if (empty($user) || !isset($this->data['users'][$user])) {
+ return;
+ }
+
+ if ($this->get('type') == 'matrix') {
+ $this->data['users'][$user] &= ~$permission;
+ if (empty($this->data['users'][$user])) {
+ unset($this->data['users'][$user]);
+ }
+ } else {
+ unset($this->data['users'][$user]);
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * Removes a permission that guests currently have on this object.
+ *
+ * @param integer $permission The permission (DELETE, etc.) to remove.
+ * @param boolean $update Whether to automatically update the
+ * backend.
+ */
+ public function removeGuestPermission($permission, $update = true)
+ {
+ if (!isset($this->data['guest'])) {
+ return;
+ }
+
+ if ($this->get('type') == 'matrix') {
+ $this->data['guest'] &= ~$permission;
+ } else {
+ unset($this->data['guest']);
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * Removes a permission that creators currently have on this object.
+ *
+ * @param integer $permission The permission (DELETE, etc.) to remove.
+ * @param boolean $update Whether to automatically update the
+ * backend.
+ */
+ public function removeCreatorPermission($permission, $update = true)
+ {
+ if (!isset($this->data['creator'])) {
+ return;
+ }
+
+ if ($this->get('type') == 'matrix') {
+ $this->data['creator'] &= ~$permission;
+ } else {
+ unset($this->data['creator']);
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * Removes a default permission on this object.
+ *
+ * @param integer $permission The permission (DELETE, etc.) to remove.
+ * @param boolean $update Whether to automatically update the
+ * backend.
+ */
+ public function removeDefaultPermission($permission, $update = true)
+ {
+ if (!isset($this->data['default'])) {
+ return;
+ }
+
+ if ($this->get('type') == 'matrix') {
+ $this->data['default'] &= ~$permission;
+ } else {
+ unset($this->data['default']);
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * Removes a permission that a group currently has on this object.
+ *
+ * @param integer $groupId The id of the group to remove the
+ * permission from.
+ * @param integer $permission The permission (DELETE, etc.) to remove.
+ * @param boolean $update Whether to automatically update the
+ * backend.
+ */
+ public function removeGroupPermission($groupId, $permission,
+ $update = true)
+ {
+ if (empty($groupId) || !isset($this->data['groups'][$groupId])) {
+ return;
+ }
+
+ if ($this->get('type') == 'matrix') {
+ $this->data['groups'][$groupId] &= ~$permission;
+ if (empty($this->data['groups'][$groupId])) {
+ unset($this->data['groups'][$groupId]);
+ }
+ } else {
+ unset($this->data['groups'][$groupId]);
+ }
+
+ if ($update) {
+ $this->save();
+ }
+ }
+
+ /**
+ * Returns an array of all user permissions on this object.
+ *
+ * @param integer $perm List only users with this permission level.
+ * Defaults to all users.
+ *
+ * @return array All user permissions for this object, indexed by user.
+ */
+ public function getUserPermissions($perm = null)
+ {
+ if (!isset($this->data['users']) || !is_array($this->data['users'])) {
+ return array();
+ } elseif (!$perm) {
+ return $this->data['users'];
+ }
+
+ $users = array();
+ foreach ($this->data['users'] as $user => $uperm) {
+ if ($uperm & $perm) {
+ $users[$user] = $uperm;
+ }
+ }
+
+ return $users;
+ }
+
+ /**
+ * Returns the guest permissions on this object.
+ *
+ * @return integer The guest permissions on this object.
+ */
+ public function getGuestPermissions()
+ {
+ return empty($this->data['guest'])
+ ? null
+ : $this->data['guest'];
+ }
+
+ /**
+ * Returns the creator permissions on this object.
+ *
+ * @return integer The creator permissions on this object.
+ */
+ public function getCreatorPermissions()
+ {
+ return empty($this->data['creator'])
+ ? null
+ : $this->data['creator'];
+ }
+
+ /**
+ * Returns the default permissions on this object.
+ *
+ * @return integer The default permissions on this object.
+ */
+ public function getDefaultPermissions()
+ {
+ return empty($this->data['default'])
+ ? null
+ : $this->data['default'];
+ }
+
+ /**
+ * Returns an array of all group permissions on this object.
+ *
+ * @param integer $perm List only users with this permission level.
+ * Defaults to all users.
+ *
+ * @return array All group permissions for this object, indexed by group.
+ */
+ public function getGroupPermissions($perm = null)
+ {
+ if (!isset($this->data['groups']) ||
+ !is_array($this->data['groups'])) {
+ return array();
+ } elseif (!$perm) {
+ return $this->data['groups'];
+ }
+
+ $groups = array();
+ foreach ($this->data['groups'] as $group => $gperm) {
+ if ($gperm & $perm) {
+ $groups[$group] = $gperm;
+ }
+ }
+
+ return $groups;
+ }
+
+ /**
+ * Saves any changes to this object to the backend permanently. New
+ * objects are added instead.
+ *
+ * @throws Horde_Perms_Exception
+ */
+ public function save()
+ {
+ $name = $this->getName();
+ if (empty($name)) {
+ throw new Horde_Perms_Exception('Permission names must be non-empty');
+ }
+
+ parent::save();
+
+ if ($this->_cache) {
+ $this->_cache->expire('perm_' . $this->_cacheVersion . $name);
+ $this->_cache->expire('perm_exists_' . $this->_cacheVersion . $name);
+ }
+ }
+
+}
projects / horde.git / commitdiff