/
Simple.php
330 lines (306 loc) · 9.18 KB
/
Simple.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
/**
* A framework for authentication and authorization in PHP applications
*
* LiveUser is an authentication/permission framework designed
* to be flexible and easily extendable.
*
* Since it is impossible to have a
* "one size fits all" it takes a container
* approach which should enable it to
* be versatile enough to meet most needs.
*
* PHP version 4 and 5
*
* LICENSE: This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston,
* MA 02111-1307 USA
*
*
* @category authentication
* @package LiveUser
* @author Markus Wolff <wolff@21st.de>
* @author Helgi Þormar Þorbjörnsson <dufuz@php.net>
* @author Lukas Smith <smith@pooteeweet.org>
* @author Arnaud Limbourg <arnaud@php.net>
* @author Pierre-Alain Joye <pajoye@php.net>
* @author Bjoern Kraus <krausbn@php.net>
* @copyright 2002-2006 Markus Wolff
* @license http://www.gnu.org/licenses/lgpl.txt
* @version CVS: $Id$
* @link http://pear.php.net/LiveUser
*/
/**
* Base class for permission handling. Provides the simplest
* set of permission handling features.
*
* This class provides a set of functions for implementing a user
* permission management system on live websites. All authorisation
* backends/containers must extend this base class.
*
* @category authentication
* @package LiveUser
* @author Markus Wolff <wolff@21st.de>
* @author Bjoern Kraus <krausbn@php.net>
* @copyright 2002-2006 Markus Wolff
* @license http://www.gnu.org/licenses/lgpl.txt
* @version Release: @package_version@
* @link http://pear.php.net/LiveUser
*/
class LiveUser_Perm_Simple
{
/**
* Unique user ID, used to identify users from the auth container.
*
* @var string
* @access public
*/
var $perm_user_id = '';
/**
* One-dimensional array containing current user's rights (direct and (sub)group).
* This already includes grouprights and possible overrides by
* individual right settings.
*
* Format: "RightId" => "Level"
*
* @var mixed
* @access public
*/
var $right_ids = false;
/**
* One-dimensional array containing only the individual
* rights directly assigned to the user.
*
* Format: "RightId" => "Level"
*
* @var array
* @access public
*/
var $user_right_ids = array();
/**
* Defines the user type. Depending on the value the user can gain certain
* rights automatically
*
* @var int
* @access public
*/
var $perm_type = LIVEUSER_ANONYMOUS_TYPE_ID;
/**
* Error stack
*
* @var PEAR_ErrorStack
* @access public
*/
var $stack = null;
/**
* Storage Container
*
* @var object
* @access private
*/
var $_storage = null;
/**
* Class constructor. Feel free to override in backend subclasses.
*/
function LiveUser_Perm_Simple()
{
$this->stack = &PEAR_ErrorStack::singleton('LiveUser');
}
/**
* Load and initialize the storage container.
*
* @param array Array with the configuration
* @return bool true on success or false on failure
*
* @access public
*/
function init(&$conf)
{
if (!array_key_exists('storage', $conf)) {
$this->stack->push(LIVEUSER_ERROR, 'exception',
array('msg' => 'Missing storage configuration array'));
return false;
}
if (is_array($conf)) {
$keys = array_keys($conf);
foreach ($keys as $key) {
if (isset($this->$key)) {
$this->$key =& $conf[$key];
}
}
}
$this->_storage =& LiveUser::storageFactory($conf['storage']);
if ($this->_storage === false) {
end($conf['storage']);
$key = key($conf['storage']);
$this->stack->push(LIVEUSER_ERROR, 'exception',
array('msg' => 'Could not instanciate perm storage container: '.$key));
return false;
}
return true;
}
/**
* Tries to find the user with the given user ID in the permissions
* container. Will read all permission data and return true on success.
*
* @param string user identifier
* @param string name of the auth container
* @return bool true on success or false on failure
*
* @access public
*/
function mapUser($auth_user_id = null, $containerName = null)
{
$result = $this->_storage->mapUser($auth_user_id, $containerName);
if ($result === false) {
return false;
}
if (is_null($result)) {
return false;
}
$this->perm_user_id = $result['perm_user_id'];
$this->perm_type = $result['perm_type'];
$this->readRights();
return true;
}
/**
* Reads all rights of current user into a
* two-dimensional associative array, having the
* area names as the key of the 1st dimension.
*
* @return array requested data or false on failure
*
* @access private
*/
function readRights()
{
$this->right_ids = array();
$result = $this->readUserRights($this->perm_user_id);
if ($result === false) {
return false;
}
$this->right_ids = $result;
return $this->right_ids;
}
/**
* Read all the user rights from the storage and puts them in a class
* member for later retrieval.
*
* @param int perm user id
* @return array requested data or false on failure
*
* @access private
*/
function readUserRights($perm_user_id)
{
$this->user_right_ids = array();
$result = $this->_storage->readUserRights($perm_user_id);
if ($result === false) {
return false;
}
$this->user_right_ids = $result;
return $this->user_right_ids;
}
/**
* Checks if the current user has a certain right.
*
* If the user is has an "area admin" type he will automatically be
* awarded the right.
*
* @param int Id of the right to check for.
* @return int level at which the user has the given right or
* false if the user does not have the right.
*
* @access public
*/
function checkRight($right_id)
{
// check if the user is above areaadmin
if (!$right_id || $this->perm_type > LIVEUSER_AREAADMIN_TYPE_ID) {
return LIVEUSER_MAX_LEVEL;
// If he does, look for the right in question.
} elseif (is_array($this->right_ids) && array_key_exists($right_id, $this->right_ids)) {
// We know the user has the right so the right level will be returned.
return $this->right_ids[$right_id];
}
return false;
}
/**
* Function returns the inquired value if it exists in the class.
*
* @param string name of the property to be returned.
* @return mixed null, a scalar or an array.
*
* @access public
*/
function getProperty($what)
{
$that = null;
if (isset($this->$what)) {
$that = $this->$what;
}
return $that;
}
/**
* Stores all properties in an array.
*
* @param string name of the session in use.
* @return array containing the property values
*
* @access public
*/
function freeze($sessionName)
{
$propertyValues = array(
'perm_user_id' => $this->perm_user_id,
'right_ids' => $this->right_ids,
'user_right_ids' => $this->user_right_ids,
'group_right_ids' => $this->group_right_ids,
'perm_type' => $this->perm_type,
'group_ids' => $this->group_ids,
);
return $this->_storage->freeze($sessionName, $propertyValues);
}
/**
* Reinitializes properties from the storage container.
*
* @param string name of the key to use inside the session
* @param bool always returns true
*
* @access public
*/
function unfreeze($sessionName)
{
$propertyValues = $this->_storage->unfreeze($sessionName);
if ($propertyValues) {
foreach ($propertyValues as $key => $value) {
$this->{$key} = $value;
}
}
return true;
}
/**
* Properly disconnect from resources.
*
* @return bool true on success and false on failure
*
* @access public
*/
function disconnect()
{
$this->_storage->disconnect();
}
}
?>