New feature: Detailed survey permissions based on a CRUD model

Dev Removed last traces of obsolete surveys_rights table Dev Work in progress git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey_dev@9338 b72ed6b6-b9f8-46b5-92b4-906544132732
LimeSurvey · Oct 25, 2010 · 85f35ab · 85f35ab
1 parent 9b1b466
commit 85f35ab
Show file tree

Hide file tree

Showing 11 changed files with 59 additions and 51 deletions.
diff --git a/admin/admin_functions.php b/admin/admin_functions.php
@@ -178,7 +178,29 @@ function SetSurveyPermissions($iUserID, $iSurveyID, $aPermissions)
     return $bResult;
 }
 
-
+/**
+* Gives all available survey permissions for a certain survey to a user 
+* 
+* @param mixed $iUserID  The User ID
+* @param mixed $iSurveyID The Survey ID
+*/
+function GiveAllSurveyPermissions($iUserID, $iSurveyID)
+{
+     $aPermissions=aGetBaseSurveyPermissions();
+     $aPermissionsToSet=array();
+     foreach ($aPermissions as $sPermissionName=>$aPermissionDetails)
+     {
+         foreach ($aPermissionDetails as $sPermissionDetailKey=>$sPermissionDetailValue)
+         {
+           if (in_array($sPermissionDetailKey,array('create','read','update','delete','import','export')) && $sPermissionDetailValue==true)
+           {
+               $aPermissionsToSet[$sPermissionName][$sPermissionDetailKey]=1;    
+           }
+
+         }
+     }
+     SetSurveyPermissions($iUserID, $iSurveyID, $aPermissionsToSet);
+}
 
 function gettemplatelist()
 {

diff --git a/admin/database.php b/admin/database.php
@@ -1386,16 +1386,8 @@ function get_max_question_order($gid)
         $isresult = $connect->Execute($isquery) or safe_die ($isquery."<br />".$connect->ErrorMsg()); // Checked
         unset($bplang);
 
-        // Update survey_rights
-        $aPermissions=aGetBaseSurveyPermissions();
-        foreach ($aPermissions as $sPermissionKey=>$aPermissionValues)
-        {
-
-            $isrquery = "INSERT INTO {$dbprefix}survey_permissions (sid,uid,permission,create_p,read_p,update_p,delete_p) 
-                         VALUES($surveyid,". $_SESSION['loginID'].",'{$sPermissionKey}',1,1,1,1)"; //inserts survey rights for owner
-            $isrresult = $connect->Execute($isrquery) or safe_die ($isrquery."<br />".$connect->ErrorMsg()); // Checked
-
-        }
+        // Update survey permissions
+        GiveAllSurveyPermissions($_SESSION['loginID'],$surveyid);
 
         $surveyselect = getsurveylist();
 

diff --git a/admin/html.php b/admin/html.php
@@ -1964,14 +1964,14 @@
     $_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
     {
         if($postusergroupid > 0){
-            $query2 = "SELECT b.uid FROM (SELECT uid FROM ".db_table_name('surveys_rights')." WHERE sid = {$surveyid}) AS c RIGHT JOIN ".db_table_name('user_in_groups')." AS b ON b.uid = c.uid WHERE c.uid IS NULL AND b.ugid = {$postusergroupid}";
+            $query2 = "SELECT b.uid FROM (SELECT uid FROM ".db_table_name('survey_permissions')." WHERE sid = {$surveyid}) AS c RIGHT JOIN ".db_table_name('user_in_groups')." AS b ON b.uid = c.uid WHERE c.uid IS NULL AND b.ugid = {$postusergroupid}";
             $result2 = db_execute_assoc($query2); //Checked
             if($result2->RecordCount() > 0)
             {
                 while ($row2 = $result2->FetchRow())
                 {
                     $uid_arr[] = $row2['uid'];
-                    $isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES ($surveyid, {$row2['uid']},0,0,0,0,0,0,0) ";
+                    $isrquery = "INSERT INTO {$dbprefix}surveys_permissions (sid,uid,permission,read_p) VALUES ({$surveyid}, {$row2['uid']},'survey',1) ";
                     $isrresult = $connect->Execute($isrquery); //Checked
                     if (!$isrresult) break;
                 }

diff --git a/admin/import_functions.php b/admin/import_functions.php
@@ -481,8 +481,7 @@ function CSVImportSurvey($sFullFilepath,$iDesiredSurveyId=NULL)
 
 
     // DO SURVEY_RIGHTS
-    $isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES($newsid,".$_SESSION['loginID'].",1,1,1,1,1,1)";
-    @$isrresult = $connect->Execute($isrquery);
+    GiveAllSurveyPermissions($_SESSION['loginID'],$newsid);
     $importresults['deniedcountls'] =0;
 
 
@@ -1542,9 +1541,7 @@ function XMLImportSurvey($sFullFilepath,$sXMLdata=NULL,$sNewSurveyName=NULL,$iDe
     }
 
     // Set survey rights
-    $sQuery = "INSERT INTO {$dbprefix}surveys_rights (sid, uid, edit_survey_property, define_questions, browse_response, export, delete_survey, activate_survey) VALUES($newsid,".$_SESSION['loginID'].",1,1,1,1,1,1)";
-    $connect->Execute($sQuery);
-
+    GiveAllSurveyPermissions($_SESSION['loginID'],$newsid);
 
     return $results;
 }

diff --git a/admin/integritycheck.php b/admin/integritycheck.php
@@ -31,8 +31,8 @@
 
         /****** Plainly delete survey permissions if the survey or user does not exist ***/
 
-        $connect->query("delete FROM {$dbprefix}surveys_rights where sid not in (select sid from {$dbprefix}surveys)");
-        $connect->query("delete FROM {$dbprefix}surveys_rights where uid not in (select uid from {$dbprefix}users)");
+        $connect->query("delete FROM {$dbprefix}survey_permissions where sid not in (select sid from {$dbprefix}surveys)");
+        $connect->query("delete FROM {$dbprefix}survey_permissions where uid not in (select uid from {$dbprefix}users)");
 
         /***** Check for activate survey tables with missing survey entry **/
 

diff --git a/admin/remotecontrol/lsrc.helper.php b/admin/remotecontrol/lsrc.helper.php
@@ -2008,7 +2008,7 @@ function deleteSurvey($surveyid)
         $slsdel = "DELETE FROM {$dbprefix}surveys_languagesettings WHERE surveyls_survey_id=$surveyid";
         $slsres = $connect->Execute($slsdel);
 
-        $srdel = "DELETE FROM {$dbprefix}surveys_rights WHERE sid=$surveyid";
+        $srdel = "DELETE FROM {$dbprefix}surveys_permissions WHERE sid=$surveyid";
         $srres = $connect->Execute($srdel);
 
         $srdel = "DELETE FROM {$dbprefix}saved_control WHERE sid=$surveyid";

diff --git a/admin/scripts/fckeditor.266/editor/filemanager/connectors/php/config.php b/admin/scripts/fckeditor.266/editor/filemanager/connectors/php/config.php
@@ -28,6 +28,7 @@
 // read LimeSurvey config files and standard library
 require_once(dirname(__FILE__).'/../../../../../../../config-defaults.php');
 require_once(dirname(__FILE__).'/../../../../../../../common.php');
+require_once(dirname(__FILE__).'/../../../../../../admin_functions.php');
 
 $usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='SessionName'";
 $usresult = db_execute_assoc($usquery,'',true);
@@ -66,12 +67,9 @@
         $contextarray=split(':',$_SESSION['FileManagerContext'],3);
         $surveyid=$contextarray[2];
 
-        // now check if the user has survey design rights
-        $surquery = "SELECT * FROM {$dbprefix}surveys_rights WHERE sid=".db_quote($surveyid)." AND uid = ".db_quote($_SESSION['loginID']); //Getting rights for this survey
-        $surresult = db_execute_assoc($surquery);
-        $surrows = $surresult->FetchRow();
 
-        if($_SESSION['USER_RIGHT_SUPERADMIN'] == 1 ||$surrows['define_questions'])
+
+        if(bHasSurveyPermission($surveyid,'surveycontent','update'))
         {
             $Config['Enabled'] = true ;
             $Config['UserFilesPath'] = "$relativeurl/upload/surveys/$surveyid/" ;

diff --git a/admin/update/upgrade-mysql.php b/admin/update/upgrade-mysql.php
@@ -415,6 +415,8 @@ function db_upgrade($oldversion) {
         modify_database("", "ALTER TABLE `prefix_survey_permissions` ADD `read_p` tinyint(1) NOT NULL default '0'"); echo $modifyoutput; flush();
         modify_database("", "ALTER TABLE `prefix_survey_permissions` ADD `update_p` tinyint(1) NOT NULL default '0'"); echo $modifyoutput; flush();
         modify_database("", "ALTER TABLE `prefix_survey_permissions` ADD `delete_p` tinyint(1) NOT NULL default '0'"); echo $modifyoutput; flush();
+        modify_database("", "ALTER TABLE `prefix_survey_permissions` ADD `import_p` tinyint(1) NOT NULL default '0'"); echo $modifyoutput; flush();
+        modify_database("", "ALTER TABLE `prefix_survey_permissions` ADD `export_p` tinyint(1) NOT NULL default '0'"); echo $modifyoutput; flush();
 		upgrade_surveypermissions_table145();
 
         modify_database("", "ALTER TABLE `prefix_survey_permissions` DROP COLUMN `edit_survey_property`"); echo $modifyoutput; flush();

diff --git a/admin/usercontrol.php b/admin/usercontrol.php
@@ -455,7 +455,7 @@
                 $dresult=$connect->Execute($dquery);  //Checked
 
                 // Delete user rights
-                $dquery="DELETE FROM {$dbprefix}surveys_rights WHERE uid=".$postuserid;
+                $dquery="DELETE FROM {$dbprefix}survey_permissions WHERE uid=".$postuserid;
                 $dresult=$connect->Execute($dquery); //Checked
 
                 if($postuserid == $_SESSION['loginID']) killSession();	// user deleted himself

diff --git a/common_functions.php b/common_functions.php
@@ -30,9 +30,9 @@ function aGetBaseSurveyPermissions()
                     'assessments'=>array('create'=>true,'read'=>true,'update'=>true,'delete'=>true,'import'=>false,'export'=>false,'title'=>$clang->gT("Assessments"),'description'=>$clang->gT("Permission to create/view/update/delete assessments rules for a survey")),  // Checked
                     'quotas'=>array('create'=>true,'read'=>true,'update'=>true,'delete'=>true,'import'=>false,'export'=>false,'title'=>$clang->gT("Quotas"),'description'=>$clang->gT("Permission to create/view/update/delete quota rules for a survey")), // Checked
                     'responses'=>array('create'=>true,'read'=>true,'update'=>true,'delete'=>true,'import'=>true,'export'=>true,'title'=>$clang->gT("Responses"),'description'=>$clang->gT("Permission to create(data entry)/view/update/delete/import/export responses")), //Checked
-                    'statistics'=>array('create'=>false,'read'=>true,'update'=>false,'delete'=>false,'import'=>false,'export'=>false,'title'=>$clang->gT("Statistics"),'description'=>$clang->gT("Permission to view statistics")), 
-                    'survey'=>array('create'=>false,'read'=>true,'update'=>false,'delete'=>true,'import'=>false,'export'=>false,'title'=>$clang->gT("Survey deletion"),'description'=>$clang->gT("Permission to delete a survey")), 
-                    'surveyactivation'=>array('create'=>false,'read'=>false,'update'=>true,'delete'=>false,'import'=>false,'export'=>false,'title'=>$clang->gT("Survey activation"),'description'=>$clang->gT("Permission to activate/deactivate a survey")), 
+                    'statistics'=>array('create'=>false,'read'=>true,'update'=>false,'delete'=>false,'import'=>false,'export'=>false,'title'=>$clang->gT("Statistics"),'description'=>$clang->gT("Permission to view statistics")),    //Checked  
+                    'survey'=>array('create'=>false,'read'=>true,'update'=>false,'delete'=>true,'import'=>false,'export'=>false,'title'=>$clang->gT("Survey deletion"),'description'=>$clang->gT("Permission to delete a survey")),   //Checked  
+                    'surveyactivation'=>array('create'=>false,'read'=>false,'update'=>true,'delete'=>false,'import'=>false,'export'=>false,'title'=>$clang->gT("Survey activation"),'description'=>$clang->gT("Permission to activate/deactivate a survey")),  //Checked  
                     'surveycontent'=>array('create'=>true,'read'=>true,'update'=>true,'delete'=>true,'import'=>true,'export'=>true,'title'=>$clang->gT("Survey content"),'description'=>$clang->gT("Permission to create/view/update/delete/import/export the questions, groups, answers & conditions of a survey")), // Checked
                     'surveylocale'=>array('create'=>false,'read'=>true,'update'=>true,'delete'=>false,'import'=>false,'export'=>false,'title'=>$clang->gT("Survey locale settings"),'description'=>$clang->gT("Permission to view/update the survey locale settings")), 
                     'surveysecurity'=>array('create'=>true,'read'=>true,'update'=>true,'delete'=>true,'import'=>false,'export'=>false,'title'=>$clang->gT("Survey security"),'description'=>$clang->gT("Permission to modify survey security settings")), 

diff --git a/config-defaults.php b/config-defaults.php
@@ -510,27 +510,24 @@
 
 //The following url and dir locations do not need to be modified unless you have a non-standard
 //LimeSurvey installation. Do not change unless you know what you are doing.
-$homeurl        =   "$rooturl/admin";                           // The website location (url) of the admin scripts
-$publicurl      =   "$rooturl";                                 // The public website location (url) of the public survey script
-$tempurl        =   "$rooturl/tmp";
-$imageurl       =   "$rooturl/images";                          // Location of button bar files for admin script
-
-//Location of the user directory
-$uploaddir      =     "$rootdir".DIRECTORY_SEPARATOR."upload";
-$uploadurl      =     "$rooturl/upload";
-
-// Location of the user templates
-$usertemplaterootdir= "$uploaddir".DIRECTORY_SEPARATOR."templates"; // Location of the templates
-$usertemplaterooturl= "$uploadurl/templates"; // Location of the templates
-
-// Location of the standard tempaltes
-$standardtemplaterootdir= "$rootdir".DIRECTORY_SEPARATOR."templates";               // Location of the templates
-$standardtemplaterooturl= "$rooturl/templates"; // Location of the templates
-
-$homedir        =   "$rootdir".DIRECTORY_SEPARATOR."admin";     // The physical disk location of the admin scripts
-$publicdir      =   "$rootdir";                                 // The physical disk location of the public scripts
-$tempdir        =   "$rootdir".DIRECTORY_SEPARATOR."tmp";       // The physical location where LimeSurvey can store temporary files
-$imagedir        =  "$rootdir".DIRECTORY_SEPARATOR."images";    // Image directory
+
+$homeurl                 = "$rooturl/admin";         // The website location (url) of the admin scripts
+$publicurl               = "$rooturl";               // The public website location (url) of the public survey script
+$tempurl                 = "$rooturl/tmp";
+$imageurl                = "$rooturl/images";        // Location of button bar files for admin script
+$uploadurl               = "$rooturl/upload";
+$standardtemplaterooturl = "$rooturl/templates";     // Location of the standard templates
+$usertemplaterooturl     = "$uploadurl/templates";   // Location of the user templates
+
+
+$homedir                 = "$rootdir".DIRECTORY_SEPARATOR."admin";       // The directory path of the admin scripts
+$publicdir               = "$rootdir";                                   // The directory path of the public scripts
+$tempdir                 = "$rootdir".DIRECTORY_SEPARATOR."tmp";         // The directory path where LimeSurvey can store temporary files
+$imagedir                = "$rootdir".DIRECTORY_SEPARATOR."images";      // The directory path of the image directory
+$uploaddir               = "$rootdir".DIRECTORY_SEPARATOR."upload";
+$standardtemplaterootdir = "$rootdir".DIRECTORY_SEPARATOR."templates";   // The directory path of the standard templates
+$usertemplaterootdir     = "$uploaddir".DIRECTORY_SEPARATOR."templates"; // The directory path of the user templates           
+
 // Note: For OS/2 the $tempdir may need to be defined as an actual directory
 // example: "x:/limesurvey/tmp". We don't know why.
 $sFCKEditorURL   =   "$homeurl/scripts/fckeditor.266";