
   1  <?php
   2  /**
   3   * This file implements the Group class, which manages user groups.
   4   *
   5   * This file is part of the evoCore framework - {@link http://evocore.net/}
   6   * See also {@link http://sourceforge.net/projects/evocms/}.
   7   *
   8   * @copyright (c)2003-2014 by Francois Planque - {@link http://fplanque.com/}
   9   *
  10   * {@internal License choice
  11   * - If you have received this file as part of a package, please find the license.txt file in
  12   *   the same folder or the closest folder above for complete license terms.
  13   * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
  14   *   then you must choose one of the following licenses before using the file:
  15   *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
  16   *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
  17   * }}
  18   *
  19   * {@internal Open Source relicensing agreement:
  20   * }}
  21   *
  22   * @package evocore
  23   *
  24   * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
  25   * @author fplanque: Francois PLANQUE
  26   *
  27   * @version $Id: _group.class.php 6136 2014-03-08 07:59:48Z manuel $
  28   */
  29  if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
  30  
  31  load_class( '_core/model/dataobjects/_dataobject.class.php', 'DataObject' );
  32  load_class( 'users/model/_groupsettings.class.php', 'GroupSettings' );
  33  
  34  /**
  35   * User Group
  36   *
  37   * Group of users with specific permissions.
  38   *
  39   * @package evocore
  40   */
  41  class Group extends DataObject
  42  {
  43      /**
  44       * Name of group
  45       *
  46       * Please use get/set functions to read or write this param
  47       *
  48       * @var string
  49       * @access protected
  50       */
  51      var $name;
  52  
  53      /**
  54       * Blog posts statuses permissions
  55       */
  56      var $blog_post_statuses = array();
  57  
  58      var $perm_blogs;
  59      var $perm_security;
  60      var $perm_bypass_antispam = false;
  61      var $perm_xhtmlvalidation = 'always';
  62      var $perm_xhtmlvalidation_xmlrpc = 'always';
  63      var $perm_xhtml_css_tweaks = false;
  64      var $perm_xhtml_iframes = false;
  65      var $perm_xhtml_javascript = false;
  66      var $perm_xhtml_objects = false;
  67      var $perm_stats;
  68  
  69      /**
  70       * Pluggable group permissions
  71       *
  72       * @var Instance of GroupSettings class
  73       */
  74      var $GroupSettings;
  75  
  76  
  77      /**
  78       * Constructor
  79       *
  80       * @param object DB row
  81       */
  82  	function Group( $db_row = NULL )
  83      {
  84          // Call parent constructor:
  85          parent::DataObject( 'T_groups', 'grp_', 'grp_ID' );
  86  
  87          $this->delete_restrictions = array(
  88                  array( 'table'=>'T_users', 'fk'=>'user_grp_ID', 'msg'=>T_('%d users in this group') ),
  89              );
  90  
  91          $this->delete_cascades = array(
  92              );
  93  
  94          if( $db_row == NULL )
  95          {
  96              // echo 'Creating blank group';
  97              $this->set( 'name', T_('New group') );
  98              $this->set( 'perm_blogs', 'user' );
  99              $this->set( 'perm_stats', 'none' );
 100          }
 101          else
 102          {
 103              // echo 'Instanciating existing group';
 104              $this->ID                           = $db_row->grp_ID;
 105              $this->name                         = $db_row->grp_name;
 106              $this->perm_blogs                   = $db_row->grp_perm_blogs;
 107              $this->perm_bypass_antispam         = $db_row->grp_perm_bypass_antispam;
 108              $this->perm_xhtmlvalidation         = $db_row->grp_perm_xhtmlvalidation;
 109              $this->perm_xhtmlvalidation_xmlrpc  = $db_row->grp_perm_xhtmlvalidation_xmlrpc;
 110              $this->perm_xhtml_css_tweaks        = $db_row->grp_perm_xhtml_css_tweaks;
 111              $this->perm_xhtml_iframes           = $db_row->grp_perm_xhtml_iframes;
 112              $this->perm_xhtml_javascript        = $db_row->grp_perm_xhtml_javascript;
 113              $this->perm_xhtml_objects           = $db_row->grp_perm_xhtml_objects;
 114              $this->perm_stats                   = $db_row->grp_perm_stats;
 115          }
 116      }
 117  
 118      /**
 119       * Load data from Request form fields.
 120       *
 121       * @return boolean true if loaded data seems valid.
 122       */
 123  	function load_from_Request()
 124      {
 125          global $Messages, $demo_mode;
 126  
 127          // Edited Group Name
 128          param( 'edited_grp_name', 'string' );
 129          param_check_not_empty( 'edited_grp_name', T_('You must provide a group name!') );
 130          $this->set_from_Request('name', 'edited_grp_name', true);
 131  
 132          // Edited Group Permission Blogs
 133          param( 'edited_grp_perm_blogs', 'string', true );
 134          $this->set_from_Request( 'perm_blogs', 'edited_grp_perm_blogs', true );
 135  
 136          $apply_antispam = ( param( 'apply_antispam', 'integer', 0 ) ? 0 : 1 );
 137          $perm_xhtmlvalidation = param( 'perm_xhtmlvalidation', 'string', true );
 138          $perm_xhtmlvalidation_xmlrpc = param( 'perm_xhtmlvalidation_xmlrpc', 'string', true );
 139          $prevent_css_tweaks = ( param( 'prevent_css_tweaks', 'integer', 0 ) ? 0 : 1 );
 140          $prevent_iframes = ( param( 'prevent_iframes', 'integer', 0 ) ? 0 : 1 );
 141          $prevent_javascript = ( param( 'prevent_javascript', 'integer', 0 ) ? 0 : 1 );
 142          $prevent_objects = ( param( 'prevent_objects', 'integer', 0 ) ? 0 : 1 );
 143  
 144          if( $demo_mode && ( $apply_antispam || ( $perm_xhtmlvalidation != 'always' ) && ( $perm_xhtmlvalidation_xmlrpc != 'always' )
 145               || $prevent_css_tweaks || $prevent_iframes || $prevent_javascript || $prevent_objects ) )
 146          { // Demo mode restriction: Do not allow to change these settings in demo mode, because it may lead to security problem!
 147              $Messages->add( 'Validation settings and security filters are not editable in demo mode!', 'error' );
 148          }
 149          else
 150          {
 151              // Apply Antispam
 152              $this->set( 'perm_bypass_antispam', $apply_antispam );
 153  
 154              // XHTML Validation
 155              $this->set( 'perm_xhtmlvalidation', $perm_xhtmlvalidation );
 156  
 157              // XHTML Validation XMLRPC
 158              $this->set( 'perm_xhtmlvalidation_xmlrpc', $perm_xhtmlvalidation_xmlrpc );
 159  
 160              // CSS Tweaks
 161              $this->set( 'perm_xhtml_css_tweaks', $prevent_css_tweaks );
 162  
 163              // Iframes
 164              $this->set( 'perm_xhtml_iframes', $prevent_iframes );
 165  
 166              // Javascript
 167              $this->set( 'perm_xhtml_javascript', $prevent_javascript );
 168  
 169              // Objects
 170              $this->set( 'perm_xhtml_objects', $prevent_objects );
 171          }
 172  
 173          // Stats
 174          $this->set( 'perm_stats', param( 'edited_grp_perm_stats', 'string', true ) );
 175  
 176          // Load pluggable group permissions from request
 177          $GroupSettings = & $this->get_GroupSettings();
 178          foreach( $GroupSettings->permission_values as $name => $value )
 179          {
 180              // We need to handle checkboxes and radioboxes separately , because when a checkbox isn't checked the checkbox variable is not sent
 181              if( $name == 'perm_createblog' || $name == 'perm_getblog' || $name == 'perm_templates' )
 182              { // These two permissions are represented by checkboxes, all other pluggable group permissions are represented by radiobox.
 183                  $value = param( 'edited_grp_'.$name, 'string', 'denied' );
 184              }
 185              elseif( ( $name == 'perm_admin' || $name == 'perm_users' ) && ( $this->ID == 1 ) )
 186              { // Admin group has always admin perm, it can not be set or changed.
 187                  continue;
 188              }
 189              else
 190              {
 191                  $value = param( 'edited_grp_'.$name, 'string', '' );
 192              }
 193              if( ( $value != '') || ( $name == 'max_new_threads'/*allow empty*/ ) )
 194              { // if radio is not set, then doesn't change the settings
 195                  $GroupSettings->set( $name, $value, $this->ID );
 196              }
 197          }
 198  
 199          return !param_errors_detected();
 200      }
 201  
 202  
 203      /**
 204       * Set param value
 205       *
 206       * @param string Parameter name
 207       * @param mixed Parameter value
 208       * @param boolean true to set to NULL if empty value
 209       * @return boolean true, if a value has been set; false if it has not changed
 210       */
 211  	function set( $parname, $parvalue, $make_null = false )
 212      {
 213          switch( $parname )
 214          {
 215              case 'perm_templates':
 216                  return $this->set_param( $parname, 'number', $parvalue, $make_null );
 217  
 218              default:
 219                  return $this->set_param( $parname, 'string', $parvalue, $make_null );
 220          }
 221      }
 222  
 223  
 224      /**
 225       * Get the {@link GroupSettings} of the group.
 226       *
 227       * @return GroupSettings (by reference)
 228       */
 229      function & get_GroupSettings()
 230      {
 231          if( ! isset( $this->GroupSettings ) )
 232          {
 233              $this->GroupSettings = new GroupSettings();
 234              $this->GroupSettings->load( $this->ID );
 235          }
 236          return $this->GroupSettings;
 237      }
 238  
 239  
 240      /**
 241       * Check a permission for this group.
 242       *
 243       * @param string Permission name:
 244       *                - templates
 245       *                - stats
 246       *                - spamblacklist
 247       *                - options
 248       *                - users
 249       *                - blogs
 250       *                - admin (levels "visible", "hidden")
 251       *                - messaging
 252       * @param string Requested permission level
 253       * @param mixed Permission target (blog ID, array of cat IDs...)
 254       * @return boolean True on success (permission is granted), false if permission is not granted
 255       */
 256  	function check_perm( $permname, $permlevel = 'any', $perm_target = NULL )
 257      {
 258          global $Debuglog;
 259  
 260          $perm = false; // Default is false!
 261  
 262          // echo "<br>Checking group perm $permname:$permlevel against $permvalue";
 263          if( isset($this->{'perm_'.$permname}) )
 264          {
 265              $permvalue = $this->{'perm_'.$permname};
 266          }
 267          else
 268          { // Object's perm-property not set!
 269              $Debuglog->add( 'Group permission perm_'.$permname.' not defined!', 'perms' );
 270  
 271              $permvalue = false; // This will result in $perm == false always. We go on for the $Debuglog..
 272          }
 273  
 274          $pluggable_perms = array( 'admin', 'shared_root', 'spamblacklist', 'slugs', 'templates', 'options', 'emails', 'files', 'users' );
 275          if( in_array( $permname, $pluggable_perms ) )
 276          {
 277              $permname = 'perm_'.$permname;
 278          }
 279          // echo "<br>Checking group perm $permname:$permlevel against $permvalue";
 280  
 281          // Check group permission:
 282          switch( $permname )
 283          {
 284              case 'blogs':
 285                  switch( $permvalue )
 286                  { // Depending on current group permission:
 287  
 288                      case 'editall':
 289                          // All permissions granted
 290                          $perm = true;
 291                          break;
 292  
 293                      case 'viewall':
 294                          // User can only ask for view perm
 295                          if(( $permlevel == 'view' ) || ( $permlevel == 'any' ))
 296                          { // Permission granted
 297                              $perm = true;
 298                              break;
 299                          }
 300                  }
 301  
 302                  if( ! $perm && ( $permlevel == 'create' ) && $this->check_perm( 'perm_createblog', 'allowed' ) )
 303                  { // User is allowed to create a blog (for himself)
 304                      $perm = true;
 305                  }
 306                  break;
 307  
 308              case 'stats':
 309                  if( ! $this->check_perm( 'admin', 'restricted' ) )
 310                  {
 311                      $perm = false;
 312                      break;
 313                  }
 314                  switch( $permvalue )
 315                  { // Depending on current group permission:
 316  
 317                      case 'edit':
 318                          // All permissions granted
 319                          $perm = true;
 320                          break;
 321  
 322                      case 'view':
 323                          // User can ask for view perm...
 324                          if( $permlevel == 'view' )
 325                          {
 326                              $perm = true;
 327                              break;
 328                          }
 329                          // ... or for any lower priority perm... (no break)
 330  
 331                      case 'user':
 332                          // This is for stats. User perm can grant permissions in the User class
 333                          // Here it will just allow to list
 334                      case 'list':
 335                          // User can only ask for list perm
 336                          if( $permlevel == 'list' )
 337                          {
 338                              $perm = true;
 339                              break;
 340                          }
 341                  }
 342                  break;
 343  
 344              case 'perm_files':
 345                  if( ! $this->check_perm( 'admin', 'restricted' ) )
 346                  {
 347                      $perm = false;
 348                      break;
 349                  }
 350                  // no break, perm_files is pluggable permission
 351  
 352              default:
 353  
 354                  // Check pluggable permissions using group permission check function
 355                  $perm = Module::check_perm( $permname, $permlevel, $perm_target, 'group_func', $this );
 356                  if( $perm === NULL )
 357                  {    // Even if group permisson check function doesn't exist we should return false value
 358                      $perm = false;
 359                  }
 360  
 361                  break;
 362          }
 363  
 364          $target_ID = $perm_target;
 365          if( is_object($perm_target) ) $target_ID = $perm_target->ID;
 366  
 367          $Debuglog->add( "Group perm $permname:$permlevel:$target_ID => ".($perm?'granted':'DENIED'), 'perms' );
 368  
 369          return $perm;
 370      }
 371  
 372  
 373      /**
 374       * Check permission for this group on a specified blog
 375       *
 376       * This is not for direct use, please call {@link User::check_perm()} instead
 377       * user is checked for privileges first, group lookup only performed on a false result
 378       *
 379       * @see User::check_perm()
 380       * @param string Permission name can be any from the blog advanced perm names. A few possible permname:
 381       *                  - blog_ismember
 382       *                  - blog_del_post
 383       *                  - blog_edit_ts
 384       *                  - blog_post_statuses
 385       *                  - blog_edit
 386       *                  - blog_comment_statuses
 387       *                  - blog_edit_cmt
 388       *                  - blog_cats
 389       *                  - blog_properties
 390       * @param string Permission level
 391       * @param integer Permission target blog ID
 392       * @param Item post that we want to edit
 393       * @param User for who we would like to check this permission
 394       * @return boolean 0 if permission denied
 395       */
 396  	function check_perm_bloggroups( $permname, $permlevel, $perm_target_blog, $perm_target = NULL, $User = NULL )
 397      {
 398          if( !isset( $this->blog_post_statuses[$perm_target_blog] ) )
 399          {
 400              $this->blog_post_statuses[$perm_target_blog] = array();
 401              if( ! load_blog_advanced_perms( $this->blog_post_statuses[$perm_target_blog], $perm_target_blog, $this->ID, 'bloggroup' ) )
 402              { // Could not load blog advanced user perms
 403                  return false;
 404              }
 405          }
 406  
 407          $blog_perms = $this->blog_post_statuses[$perm_target_blog];
 408          if( empty( $User ) )
 409          { // User is not set
 410              $user_ID = NULL;
 411          }
 412          else
 413          { // User is set, advanced user perms must be loaded
 414              $user_ID = $User->ID;
 415              if( isset( $User->blog_post_statuses[$perm_target_blog] ) )
 416              { // Merge user advanced perms with group advanced perms
 417                  $edit_perms = array( 'no' => 0, 'own' => 1, 'anon' => 2, 'lt' => 3, 'le' => 4, 'all' => 5 );
 418                  foreach( $User->blog_post_statuses[$perm_target_blog] as $key => $value )
 419                  { // For each collection advanced permission use the higher perm value between user and group perms
 420                      if( ( $key == 'blog_edit' ) || ( $key == 'blog_edit_cmt' ) )
 421                      {
 422                          if( $edit_perms[$value] > $edit_perms[$blog_perms[$key]] )
 423                          { // Use collection user edit permission because it is greater than the collection group perm
 424                              $blog_perms[$key] = $value;
 425                          }
 426                      }
 427                      elseif( isset( $blog_perms[$key] ) )
 428                      { // Check user and group perm as well
 429                          $blog_perms[$key] = (int) $value | (int) $blog_perms[$key];
 430                      }
 431                  }
 432              }
 433          }
 434          return check_blog_advanced_perm( $blog_perms, $user_ID, $permname, $permlevel, $perm_target );
 435      }
 436  
 437  
 438      /**
 439       * Get name of the Group
 440       *
 441       * @return string
 442       */
 443  	function get_name()
 444      {
 445          return $this->name;
 446      }
 447  
 448  
 449      /**
 450       * Insert object into DB based on previously recorded changes.
 451       */
 452  	function dbinsert()
 453      {
 454          global $DB;
 455  
 456          $DB->begin();
 457  
 458          parent::dbinsert();
 459  
 460          // Create group permissions/settings for the current group
 461          $GroupSettings = & $this->get_GroupSettings();
 462          $GroupSettings->dbupdate( $this->ID );
 463  
 464          $DB->commit();
 465      }
 466  
 467  
 468      /**
 469       * Update the DB based on previously recorded changes
 470       */
 471  	function dbupdate()
 472      {
 473          global $DB;
 474  
 475          $DB->begin();
 476  
 477          parent::dbupdate();
 478  
 479          // Update group permissions/settings of the current group
 480          $GroupSettings = & $this->get_GroupSettings();
 481          $GroupSettings->dbupdate( $this->ID );
 482  
 483          $DB->commit();
 484      }
 485  
 486  
 487      /**
 488       * Delete object from DB.
 489       */
 490  	function dbdelete( $Messages = NULL )
 491      {
 492          global $DB;
 493  
 494          $DB->begin();
 495  
 496          // Delete group permissions of the current group
 497          $GroupSettings = & $this->get_GroupSettings();
 498          $GroupSettings->delete( $this->ID );
 499          $GroupSettings->dbupdate( $this->ID );
 500  
 501          parent::dbdelete( $Messages );
 502  
 503          $DB->commit();
 504      }
 505  }
 506  
 507  ?>
