
some initial permissions work

1 parent c181a02 commit 5a9ad99d3fb63b6eaa314bd3736aafbcd4298c58 @fligtar committed Nov 18, 2009
143 moxie2/includes/models/group.model.php
@@ -0,0 +1,143 @@
+<?php
+
+class GroupModel extends Model {
+ public $table = 'groups';
+
+ // Permission levels, with room to grow
+ const PERMISSION_NONE = 0;
+ const PERMISSION_VIEW = 5;
+ const PERMISSION_CONTRIBUTE = 10;
+ const PERMISSION_CREATE = 15;
+ const PERMISSION_MANAGE = 20;
+
+ // Special groups. Special in a good way
+ const GROUP_ADMINS = 1;
+ const GROUP_REGISTERED = 2;
+ const GROUP_EVERYONE = 3;
+
+ /**
+ * Gets all groups for the given user, including special groups
+ */
+ public function getGroupsForUser($user_id = 0) {
+ if (empty($user_id)) {
+ // If no user id is passed, assume the current user if logged-in
+ if (!empty($_SESSION['id'])) {
+ $user_id = $_SESSION['id'];
+ }
+ }
+
+ // Everyone is in the Everyone group, amazingly
+ $group_ids = array(GroupModel::GROUP_EVERYONE);
+
+ if (!empty($user_id)) {
+ $_group_ids = $this->db->query("SELECT group_id FROM groups_users WHERE user_id = ".escape($user_id));
+ if (!empty($_group_ids)) {
+ foreach ($_group_ids as $group_id) {
+ $group_ids[] = $group_id['group_id'];
+ }
+ }
+
+ // Add registered users group
+ $group_ids[] = GroupModel::GROUP_REGISTERED;
+ }
+
+ // Get group info and permissions
+ $groups = $this->getAll('id IN ('.implode(',', $group_ids).')');
+
+ return $groups;
+ }
+
+ /**
+ * Adds the group's permission levels to an array of groups.
+ * Optionally can only add permissions for a given product.
+ */
+ public function addPermissionsToGroups(&$groups, $product_id = 0) {
+ if (empty($groups)) return false;
+
+ foreach ($groups as $k => $group) {
+ // If the group has a role_id instead of a permissionset_id, we need
+ // to query the role to get the permissionset_id
+ if (!empty($group['role_id'])) {
+ $_role = $this->db->query("SELECT permissionset_id FROM roles WHERE id = ".escape($group['role_id']));
+ $groups[$k]['permissionset_id'] = $_role[0]['permissionset_id'];
+ }
+
+ // Now, if we have a permissionset_id, we can get the permissionset
+ if (!empty($groups[$k]['permissionset_id'])) {
+ // if a product is specified, we filter on that
+ $where = !empty($product_id) ? " AND (product_id = ".escape($product_id).") OR product_id IS NULL" : '';
+
+ $permissions = $this->db->query("SELECT * FROM permissionsets WHERE id = ".escape($groups[$k]['permissionset_id']).$where);
+
+ $groups[$k]['permissions'] = array();
+
+ if (!empty($permissions)) {
+ foreach ($permissions as $permission) {
+ $pk = !empty($permission['product_id']) ? $permission['product_id'] : '*';
+ $groups[$k]['permissions'][$pk] = $permission;
+ }
+ }
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Combines permissions from all the user's group to determine actual
+ * permissions for each product
+ */
+ public function sumPermissions(&$groups) {
+ if (empty($groups)) return false;
+
+ $permissions = array();
+
+ // Iterate through each of the user's groups
+ foreach ($groups as $group) {
+ if (empty($group['permissions'])) continue;
+
+ // Iterate through the each of the group's products
+ foreach ($group['permissions'] as $product_id => $group_perms) {
+ if (!array_key_exists($product_id, $permissions)) {
+ // No permissions yet for this product. Easy!
+ $permissions[$product_id] = $group_perms;
+ }
+ else {
+ // We already have some permissions. Figure out if any are more powerful
+ foreach ($group_perms as $perm => $level) {
+ if ($level > $permissions[$product_id][$perm]) {
+ $permissions[$product_id][$perm] = $level;
+ }
+ }
+ }
+ }
+ }
+
+ // Now that we have all the products added up, we need to go through the wildcard
+ // permissions to apply those to the specific groups. We do this now to save time
+ // when doing access checks later. Reasoning: When checking for access, we only
+ // look at wildcards if the product isn't defined. If the product is defined, we
+ // only look at that product, so it needs to have the entire permissions picture
+ // for that product.
+
+ // So... let's do that!
+ if (!empty($permissions['*'])) {
+ // Iterate through each product
+ foreach ($permissions as $product_id => $product_perms) {
+ if ($product_id == '*') continue;
+
+ // Determine if the wildcard perms are more powerful than specific products
+ foreach ($product_perms as $perm => $level) {
+ if ($permissions['*'][$perm] > $level) {
+ $permissions[$product_id][$perm] = $permissions['*'][$perm];
+ }
+ }
+ }
+ }
+
+ return $permissions;
+ }
+
+}
+
+?>
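Review bot: In addPermissionsToGroups the product filter `" AND (product_id = ".escape($product_id).") OR product_id IS NULL"` closes the parenthesis before the `OR`, so the query becomes `WHERE id = N AND (product_id = X) OR product_id IS NULL`; AND binds tighter than OR, so it matches every wildcard row in permissionsets, whichever permission set it belongs to. Those rows land under the `'*'` key (the last one winning) and are merged by sumPermissions, so a group can inherit levels from permission sets it was never assigned. Move the parenthesis: `" AND (product_id = ".escape($product_id)." OR product_id IS NULL)"`. Separately, every value passed through escape() is concatenated unquoted into a numeric position, and the ids joined into `IN (...)` in getGroupsForUser are not passed through it at all. escape() is defined outside this diff, so if it only escapes quote characters, an `(int)` cast on these ids would be the safer guard.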
8 moxie2/settings.php
@@ -3,7 +3,7 @@
require 'includes/template.inc.php';
// Load models used by all actions on the page
-load_models('Product');
+load_models('Group', 'Product');
// Determine the product
$product = $Product->getProductFromURL($_GET['product']);
@@ -66,6 +66,12 @@
break;
case 'permissions':
+ $groups = $Group->getGroupsForUser(1);
+ $Group->addPermissionsToGroups($groups);
+ pr($groups);
+
+ $Group->sumPermissions($groups);
+
$template->set(array(
'page_name' => 'manage permissions'
));
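Review bot: The new `permissions` case calls `$Group->getGroupsForUser(1)` with a hard-coded user id and prints the result with `pr($groups)` (presumably a debug print helper defined elsewhere), so the page shows user 1's group and permission rows to whoever requests it instead of evaluating the signed-in user. getGroupsForUser() falls back to `$_SESSION['id']` when no id is passed, so `$groups = $Group->getGroupsForUser();` would use the current user, and the `pr()` line should be removed before this ships. The return value of `$Group->sumPermissions($groups)` is also discarded; assign it (`$permissions = $Group->sumPermissions($groups);`) and check the required level before the template is set, otherwise nothing in this hunk gates access to the page. The surrounding switch starts and ends outside the hunk, so an existing check there cannot be ruled out.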
2 moxie2/templates/default/settings/info.template.php
@@ -16,7 +16,7 @@
<dt><label for="info-description">product description</label></dt>
<dd>
<?php if (!empty($errors['description'])) echo '<p class="error">'.$errors['description'].'</p>'; ?>
- <p class="description">Briefly describe your product..</p>
+ <p class="description">Briefly describe your product.</p>
<p><textarea name="description" id="info-description" rows="3" cols="50" class="full"><?php echo $this->formValue('description', $product); ?></textarea></p>
</dd>
</dl>
37 moxie2/templates/default/settings/permissions.template.php
@@ -0,0 +1,37 @@
+<?php if (!empty($success_message)) echo '<div class="success-notice">'.$success_message.'</div>'; ?>
+<?php if (!empty($error_message)) echo '<div class="error-notice">'.$error_message.'</div>'; ?>
+
+<div class="spacious-form">
+<form method="post" action="">
+<table>
+ <thead>
+ <tr>
+ <th colspan="2"></th>
+ <th colspan="3"><?php echo $product['name']; ?> product</th>
+ </tr>
+ <tr>
+ <th>Group</th>
+ <th>Role</th>
+ <th>Product</th>
+ <th>Milestones</th>
+ <th>Projects</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>Administrators</td>
+ <td><select>
+ <option></option>
+ </select></td>
+ <td>Manage</td>
+ <td>Manage</td>
+ <td>Manage</td>
+ </tr>
+ </tbody>
+</table>
+
+ <div>
+ <input type="submit" value="make it so" class="button" />
+ </div>
+</form>
+</div>
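Review bot: The three `echo` statements in this new template write `$success_message`, `$error_message` and `$product['name']` into HTML without escaping, and the product name at least looks user-editable from the settings form, so markup stored in it would be rendered on the permissions page. Unless these values are escaped before they reach the template (not visible in this diff), escape at output, e.g. `<?php echo htmlspecialchars($product['name'], ENT_QUOTES, 'UTF-8'); ?>` and the same for the two notices. The `<form method="post" action="">` will eventually change who can do what, so it should carry a per-session anti-CSRF token that the handler verifies once the select gets a name and real options.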
