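function filterByElement($s3ql, $user_id, $db) {
    # Build the extra "and ..." SQL constraints that narrow a listing of
    # $s3ql['from'] (users, groups, accesslog, rulelog, keys, filekeys, projects,
    # requests, rules, statements, collections, items) down to what $user_id is
    # allowed to see. User '1' is treated as the super-user throughout.
    #
    # Parameters:
    #   $s3ql    - parsed S3QL query; 'from' selects the element type and the
    #              optional 'where' array supplies request-controlled filters.
    #   $user_id - id of the account issuing the query.
    #   $db      - database handle passed through to the lookup helpers.
    # Returns the constraint string ('' when nothing applies), or false when a
    # group named in the query does not exist (an error is echoed first).
    # The 'accesslog' case echoes a permission error and terminates the script
    # for non-admin users, exactly as the original did.
    #
    # NOTE(review): every constraint is assembled by string concatenation and
    # several values come straight from $s3ql['where'], i.e. from the request.
    # They are escaped here by doubling single quotes and backslashes, which
    # closes the quote break-out in the visible queries; the durable fix is to
    # quote through the $db driver or to bind parameters. Values produced by the
    # project's own lookups (URI, create_list, fastClassID) are left as-is.
    $sql_meta    = array('\\', "'");
    $sql_escaped = array('\\\\', "''");
    $where = (isset($s3ql['where']) && is_array($s3ql['where'])) ? $s3ql['where'] : array();
    $safe_user_id = str_replace($sql_meta, $sql_escaped, (string) $user_id);
    $user_query_const = '';

    switch ($s3ql['from']) {
        case 'users':
            $user_query_const .= " and account_type != 'g'";
            # Non-admins, and anyone not asking for a specific status, only see active accounts.
            $status = isset($where['account_status']) ? $where['account_status'] : '';
            if (!user_is_admin($user_id, $db) || $status == '') {
                $user_query_const .= " and account_status = 'A'";
            }
            $group_id = isset($where['group_id']) ? $where['group_id'] : '';
            if ($group_id != '') {
                $group_info = s3info('group', $group_id, $db);
                if (!is_array($group_info)) {
                    # The original returned before its echo, so this error was never emitted.
                    echo formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'Group ' . $group_id . ' does not exist', $s3ql['format'], '');
                    return false;
                }
                $safe_group_id = str_replace($sql_meta, $sql_escaped, (string) $group_id);
                # Members are the 'U...' uids that hold a permission row shared with this group.
                $group_members_query = "select id from s3db_permission where shared_with = 'G" . $safe_group_id . "' and uid " . $GLOBALS['regexp'] . " '^U'";
                $user_query_const .= " and account_id in (" . $group_members_query . ")";
                # group_id is an artificial filter; drop it from the local copy of 'where'.
                # ($s3ql is passed by value, so this does not reach the caller.)
                $s3ql['where'] = array_diff_key($s3ql['where'], array('group_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            break;

        case 'groups':
            # A special query is performed on listS3DB for this case.
            $user_query_const .= " and account_type " . $GLOBALS['regexp'] . " '(g)'";
            # The original guarded the next line with "$group_id != '1' || account_status != 'I'",
            # but $group_id is never assigned in this case, so the first operand was always
            # true and active groups were always enforced. Preserved as-is;
            # TODO(review): confirm whether "$user_id != '1'" was intended, as in the other cases.
            $user_query_const .= " and account_status = 'A'";
            $member_id = isset($where['user_id']) ? $where['user_id'] : '';
            if ($member_id != '') {
                $safe_member_id = str_replace($sql_meta, $sql_escaped, (string) $member_id);
                # Groups the user belongs to: permission rows linking the user to a 'G...' group.
                $user_members_query = "select shared_with_num from s3db_permission where shared_with " . $GLOBALS['regexp'] . " '^G' and uid = 'U" . $safe_member_id . "'";
                $user_query_const .= " and account_id in (" . $user_members_query . ")";
                # user_id is an artificial filter; drop it from the local copy of 'where'.
                $s3ql['where'] = array_diff_key($s3ql['where'], array('user_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            break;

        case 'accesslog':
            if ($user_id != '1' && !user_is_admin($user_id, $db)) {
                echo formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to see accesslog', $s3ql['format'], '');
                exit; # the original terminates the request here rather than returning false
            }
            break;

        case 'rulelog':
            if ($user_id != '1') {
                $user_projects = findUserProjects($user_id, $db);
                $user_query_const .= " and project_id " . $GLOBALS['regexp'] . " '" . create_list($user_projects) . "'";
            }
            break;

        case 'keys':
            $P['table'] = 'access_keys'; # local only, kept from the original — TODO(review) confirm it was meant to reach the caller
            if ($user_id != '1') {
                $user_query_const .= " and account_id = '" . $safe_user_id . "'";
            }
            break;

        case 'filekeys':
            $P['table'] = 'file_transfer'; # local only, see 'keys'
            if ($user_id != '1') {
                $user_query_const .= " and created_by = '" . $safe_user_id . "'";
            }
            break;

        case 'projects':
            $status = isset($where['project_status']) ? $where['project_status'] : '';
            if ($user_id != '1' && $status != 'I') {
                $user_query_const .= " and project_status = 'A'";
            }
            break;

        case 'requests':
            if ($user_id != '1') {
                $user_rules = findUserRules($user_id, $db);
                # The original used an undefined local $regexp here, which produced "rule_id  '...'".
                $user_query_const .= " and rule_id " . $GLOBALS['regexp'] . " '" . create_list($user_rules) . "'";
            }
            break;

        case 'rules':
            $class_id = isset($where['class_id']) ? $where['class_id'] : '';
            if ($class_id != '') {
                $class_info = URI('C' . $class_id, $user_id, $db);
                $resource_id = (is_array($class_info) && isset($class_info['resource_id'])) ? $class_info['resource_id'] : '';
                $user_query_const .= " and (subject_id = '" . $resource_id . "' or object_id = '" . $resource_id . "')";
            }
            $user_query_const .= " and object!='UID'";
            break;

        case 'statements':
            $class_id = isset($where['class_id']) ? $where['class_id'] : '';
            if ($class_id != '') {
                $class_info = URI('C' . $class_id, $user_id, $db);
                $rule_id = (is_array($class_info) && isset($class_info['rule_id'])) ? $class_info['rule_id'] : '';
                $user_query_const .= " and rule_id = '" . $rule_id . "'";
            }
            $user_query_const .= " and rule_id not in (select rule_id from s3db_rule where object='UID')";
            $user_query_const .= " and rule_id!=''";
            break;

        case 'collections':
            $user_query_const .= " and iid = '0'";
            $rule_id = isset($where['rule_id']) ? $where['rule_id'] : '';
            if ($rule_id != '') {
                $element_info = URI('R' . $rule_id, $user_id, $db);
                $class_pattern = fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db));
                # The original emitted "resource_id '^ <op> <id>'$'", which is not valid SQL;
                # the intended form, as in the other regexp constraints, is "resource_id <op> '^<id>$'".
                $user_query_const .= " and resource_id " . $GLOBALS['regexp'] . " '^" . $class_pattern . "$'";
            }
            break;

        case 'items':
            $user_query_const .= " and iid = '1'";
            $rule_id = isset($where['rule_id']) ? $where['rule_id'] : '';
            if ($rule_id != '') {
                $element_info = URI('R' . $rule_id, $user_id, $db);
                $class_pattern = fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db));
                # Same malformed-operator fix as in 'collections'.
                $user_query_const .= " and resource_class_id " . $GLOBALS['regexp'] . " '^" . $class_pattern . "$'";
            }
            break;
    }

    return $user_query_const;
}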
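function filterByElement($s3ql, $user_id, $db) {
    # Build the extra "and ..." SQL constraints that narrow a listing of
    # $s3ql['from'] (users, groups, accesslog, rulelog, keys, filekeys, projects,
    # requests, rules, statements, collections, items) down to what $user_id is
    # allowed to see. User '1' is treated as the super-user throughout.
    #
    # Parameters:
    #   $s3ql    - parsed S3QL query; 'from' selects the element type, the
    #              optional 'where' array supplies request-controlled filters and
    #              'key' is handed to URIinfo for the per-resource permission check.
    #   $user_id - id of the account issuing the query.
    #   $db      - database handle passed through to the lookup helpers.
    # Returns the constraint string ('' when nothing applies), or false after
    # echoing an error when a referenced group / core resource does not exist,
    # when the caller may not view that resource, or when a non-admin asks for
    # the accesslog.
    #
    # NOTE(review): constraints are assembled by string concatenation and some
    # values come straight from $s3ql['where'], i.e. from the request. The ones
    # concatenated directly into SQL here are escaped by doubling single quotes
    # and backslashes; the durable fix is to quote through the $db driver or to
    # bind parameters. Values handed to the select() helper are passed through
    # untouched because it is not visible here whether select() quotes its own
    # arguments — TODO confirm.
    $sql_meta    = array('\\', "'");
    $sql_escaped = array('\\\\', "''");
    $where = (isset($s3ql['where']) && is_array($s3ql['where'])) ? $s3ql['where'] : array();
    $safe_user_id = str_replace($sql_meta, $sql_escaped, (string) $user_id);
    $user_query_const = '';

    switch ($s3ql['from']) {
        case 'users':
            $user_query_const .= " and account_type != 'g'";
            # Non-admins, and anyone not asking for a specific status, only see active accounts.
            $status = isset($where['account_status']) ? $where['account_status'] : '';
            if (!user_is_admin($user_id, $db) || $status == '') {
                $user_query_const .= " and account_status = 'A'";
            }
            $group_id = isset($where['group_id']) ? $where['group_id'] : '';
            if ($group_id != '') {
                $group_info = s3info('group', $group_id, $db);
                if (!is_array($group_info)) {
                    # The original returned before its echo, so this error was never emitted.
                    echo formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'Group ' . $group_id . ' does not exist', $s3ql['format'], '');
                    return false;
                }
                $member_uid = isset($where['user_id']) ? $where['user_id'] : '';
                # select() builds the permission lookup; its '*' is rewritten so the subquery
                # yields bare account ids (uid without the 'U' prefix and the deployment URI).
                $group_members_query = str_replace("*", "replace(substr(uid, 2, length(uid)), '" . $GLOBALS['Did'] . '/U' . "', '')", select(array('uid' => 'U' . $member_uid, 'shared_with' => 'G' . $group_id)));
                $user_query_const .= " and account_id in (" . $group_members_query . ")";
                # group_id is an artificial filter; drop it from the local 'where' so the
                # core-id loop below does not treat it as a resource to check.
                $s3ql['where'] = array_diff_key($s3ql['where'], array('group_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            # Any remaining core id in 'where' is a permission check: the caller must be
            # able to view that resource before the accounts it is shared with are listed.
            $core_ids = (isset($GLOBALS['COREids']) && is_array($GLOBALS['COREids'])) ? $GLOBALS['COREids'] : array();
            $where_after = (isset($s3ql['where']) && is_array($s3ql['where'])) ? $s3ql['where'] : array();
            $key = isset($s3ql['key']) ? $s3ql['key'] : null;
            foreach ($core_ids as $s3code => $s3coreId) {
                $code_id = isset($where_after[$s3coreId]) ? $where_after[$s3coreId] : '';
                if ($code_id == '' || $s3coreId == 'user_id') {
                    continue;
                }
                # Resource uid: first letter of the core name, upper-cased, plus the id (e.g. 'P12').
                $uid = strtoupper(substr($s3code, 0, 1)) . $code_id;
                $element_info = URIinfo($uid, $user_id, $key, $db);
                if (!is_array($element_info)) {
                    echo formatReturn($GLOBALS['error_codes']['something_missing'], $uid . ' was not found', $s3ql['format'], '');
                    return false;
                }
                if (!$element_info['view']) {
                    # Same message as the missing case so the text does not reveal existence;
                    # note the error code still differs (no_permission_message vs something_missing).
                    echo formatReturn($GLOBALS['error_codes']['no_permission_message'], $uid . ' was not found', $s3ql['format'], '');
                    return false;
                }
                $user_query_const .= " and account_id in (" . str_replace('*', 'substr(shared_with,2,length(shared_with))', select(array('shared_with' => 'U', 'uid' => $uid, 'stream' => 'upstream'))) . ")";
            }
            break;

        case 'groups':
            # A special query is performed on listS3DB for this case.
            $user_query_const .= " and account_type " . $GLOBALS['regexp'] . " '(g)'";
            # The original guarded the next line with "$group_id != '1' || account_status != 'I'",
            # but $group_id is never assigned in this case, so the first operand was always
            # true and active groups were always enforced. Preserved as-is;
            # TODO(review): confirm whether "$user_id != '1'" was intended, as in the other cases.
            $user_query_const .= " and account_status = 'A'";
            $member_id = isset($where['user_id']) ? $where['user_id'] : '';
            if ($member_id != '') {
                $group_filter = isset($where['group_id']) ? $where['group_id'] : '';
                # Upstream permission rows from this user to a 'G...' group; '*' is rewritten
                # so the subquery yields the bare group ids. These are the groups the user
                # is involved in, i.e. the ones he can change.
                $user_members = select(array('uid' => 'U' . $member_id, 'shared_with' => 'G' . $group_filter, 'stream' => 'upstream'));
                $user_members_query = str_replace("*", "substr(shared_with, 2, length(shared_with))", $user_members);
                $user_query_const .= " and account_id in (" . $user_members_query . ")";
                # user_id is an artificial filter; drop it from the local copy of 'where'.
                $s3ql['where'] = array_diff_key($s3ql['where'], array('user_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            break;

        case 'accesslog':
            if ($user_id != '1' && !user_is_admin($user_id, $db)) {
                echo formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to see accesslog', $s3ql['format'], '');
                return false;
            }
            break;

        case 'rulelog':
            if ($user_id != '1') {
                $user_projects = findUserProjects($user_id, $db);
                # The original used an undefined local $regexp here. The list is left unquoted
                # as in the original — TODO(review): confirm what create_list() returns.
                $user_query_const .= " and project_id " . $GLOBALS['regexp'] . " " . create_list($user_projects);
            }
            break;

        case 'keys':
            $P['table'] = 'access_keys'; # local only, kept from the original — TODO(review) confirm it was meant to reach the caller
            if ($user_id != '1') {
                $user_query_const .= " and account_id = '" . $safe_user_id . "'";
            }
            break;

        case 'filekeys':
            $P['table'] = 'file_transfer'; # local only, see 'keys'
            if ($user_id != '1') {
                $user_query_const .= " and created_by = '" . $safe_user_id . "'";
            }
            break;

        case 'projects':
            $status = isset($where['project_status']) ? $where['project_status'] : '';
            if ($user_id != '1' && $status != 'I') {
                $user_query_const .= " and project_status = 'A'";
            }
            break;

        case 'requests':
            if ($user_id != '1') {
                $user_rules = findUserRules($user_id, $db);
                # The original used an undefined local $regexp here, which produced "rule_id  '...'".
                $user_query_const .= " and rule_id " . $GLOBALS['regexp'] . " '" . create_list($user_rules) . "'";
            }
            break;

        case 'rules':
            $class_id = isset($where['class_id']) ? $where['class_id'] : '';
            if ($class_id != '') {
                $class_info = URI('C' . $class_id, $user_id, $db);
                $resource_id = (is_array($class_info) && isset($class_info['resource_id'])) ? $class_info['resource_id'] : '';
                $user_query_const .= " and (subject_id = '" . $resource_id . "' or object_id = '" . $resource_id . "')";
            }
            break;

        case 'statements':
            $class_id = isset($where['class_id']) ? $where['class_id'] : '';
            if ($class_id != '') {
                $class_info = URI('C' . $class_id, $user_id, $db);
                $rule_id = (is_array($class_info) && isset($class_info['rule_id'])) ? $class_info['rule_id'] : '';
                $user_query_const .= " and rule_id = '" . $rule_id . "'";
            }
            break;

        case 'collections':
            $user_query_const .= " and iid = '0'";
            $rule_id = isset($where['rule_id']) ? $where['rule_id'] : '';
            if ($rule_id != '') {
                $element_info = URI('R' . $rule_id, $user_id, $db);
                $class_pattern = fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db));
                # The original emitted "resource_id '^ <op> <id>'$'", which is not valid SQL;
                # the intended form, as in the other regexp constraints, is "resource_id <op> '^<id>$'".
                $user_query_const .= " and resource_id " . $GLOBALS['regexp'] . " '^" . $class_pattern . "$'";
            }
            break;

        case 'items':
            $user_query_const .= " and iid = '1'";
            $rule_id = isset($where['rule_id']) ? $where['rule_id'] : '';
            if ($rule_id != '') {
                $element_info = URI('R' . $rule_id, $user_id, $db);
                $class_pattern = fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db));
                # Same malformed-operator fix as in 'collections'.
                $user_query_const .= " and resource_class_id " . $GLOBALS['regexp'] . " '^" . $class_pattern . "$'";
            }
            break;
    }

    return $user_query_const;
}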
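function include_all_class_id($S) {
    # Decorate each rule in $S['rules'] with the class ids of its subject and
    # object entities, resolved through fastClassID for $S['project_id'] / $S['db'].
    #
    # Parameters ($S is an associative array):
    #   rules      - list of rule rows, each carrying 'subject' and 'object'.
    #   project_id - project the entities belong to.
    #   db         - database handle for fastClassID.
    # Returns the list of rules with 'subject_class_id' and 'object_class_id'
    # added, in input order; an empty array when 'rules' is missing or not an
    # array (the original returned an unset variable, i.e. null, in that case).
    #
    # The original used extract($S), which silently turned every key of $S into a
    # local variable; only the three keys actually used are read here.
    $rules      = isset($S['rules']) ? $S['rules'] : null;
    $project_id = isset($S['project_id']) ? $S['project_id'] : null;
    $db         = isset($S['db']) ? $S['db'] : null;

    $data = array();
    if (!is_array($rules)) {
        return $data;
    }
    foreach ($rules as $rule_info) {
        $rule_info['subject_class_id'] = fastClassID(array('entity' => $rule_info['subject'], 'project_id' => $project_id, 'db' => $db));
        $rule_info['object_class_id']  = fastClassID(array('entity' => $rule_info['object'], 'project_id' => $project_id, 'db' => $db));
        $data[] = $rule_info;
    }
    return $data;
}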