function dPacl($opts = null)
{
global $db;
if (!is_array($opts)) {
$opts = array();
}
$opts['db_type'] = dPgetConfig('dbtype');
$opts['db_host'] = dPgetConfig('dbhost');
$opts['db_user'] = dPgetConfig('dbuser');
$opts['db_password'] = dPgetConfig('dbpass');
$opts['db_name'] = dPgetConfig('dbname');
$opts['caching'] = dPgetConfig('gacl_cache', false);
$opts['force_cache_expire'] = dPgetConfig('gacl_expire', true);
$opts['cache_dir'] = dPgetConfig('gacl_cache_dir', '/tmp');
$opts['cache_expire_time'] = dPgetConfig('gacl_timeout', 600);
$opts['db'] = $db;
/*
* We can add an ADODB instance instead of the database connection details.
* This might be worth looking at in the future.
*/
if (dPgetConfig('debug', 0) > 10) {
$this->_debug = true;
}
parent::gacl_api($opts);
}
function check($str)
{
static $group = null;
if (!empty($str)) {
$user = JCommentsFactory::getUser();
$list = explode(',', $str);
if ($group === null) {
if (JCOMMENTS_JVERSION == '1.0') {
if ($user->id) {
$acl = new gacl_api();
$aroGroup = $acl->getAroGroup($user->id);
$group = $aroGroup->group_id ? $aroGroup->group_id : 29;
} else {
$group = 29;
}
} else {
if (JCOMMENTS_JVERSION == '1.5') {
$group = $user->id ? $user->gid : 29;
} else {
if (JCOMMENTS_JVERSION == '1.7') {
if ($user->id) {
$db = JFactory::getDbo();
// get highest group
$query = $db->getQuery(true)->select('a.id')->from('#__user_usergroup_map AS map')->leftJoin('#__usergroups AS a ON a.id = map.group_id')->where('map.user_id = ' . (int) $user->id)->order('a.lft desc');
$db->setQuery($query, 0, 1);
$group = $db->loadResult();
} else {
$group = JComponentHelper::getParams('com_users')->get('guest_usergroup', 1);
}
}
}
}
}
if (in_array($group, $list)) {
return 1;
}
}
return 0;
}
public function __construct($opts = null)
{
global $db;
if (!is_array($opts)) {
$opts = array();
}
$opts['db_type'] = w2PgetConfig('dbtype');
$opts['db_host'] = w2PgetConfig('dbhost');
$opts['db_user'] = w2PgetConfig('dbuser');
$opts['db_password'] = w2PgetConfig('dbpass');
$opts['db_name'] = w2PgetConfig('dbname');
$opts['db_table_prefix'] = w2PgetConfig('dbprefix') . $this->_db_acl_prefix;
$opts['db'] = $db;
if (w2PgetConfig('debug', 0) > 10) {
$this->_debug = true;
}
parent::gacl_api($opts);
}
function dPacl($opts = null)
{
global $dPconfig;
if (!is_array($opts)) {
$opts = array();
}
$opts['db_type'] = $dPconfig['dbtype'];
$opts['db_host'] = $dPconfig['dbhost'];
$opts['db_user'] = $dPconfig['dbuser'];
$opts['db_password'] = $dPconfig['dbpass'];
$opts['db_name'] = $dPconfig['dbname'];
// We can add an ADODB instance instead of the database
// connection details. This might be worth looking at in
// the future.
if ($dPconfig['debug'] > 10) {
$this->_debug = true;
}
parent::gacl_api($opts);
}
public function w2Pacl($opts = null)
{
global $db;
if (!is_array($opts)) {
$opts = array();
}
$opts['db_type'] = w2PgetConfig('dbtype');
$opts['db_host'] = w2PgetConfig('dbhost');
$opts['db_user'] = w2PgetConfig('dbuser');
$opts['db_password'] = w2PgetConfig('dbpass');
$opts['db_name'] = w2PgetConfig('dbname');
$opts['db_table_prefix'] = w2PgetConfig('dbprefix') . $this->_db_acl_prefix;
$opts['db'] = $db;
// We can add an ADODB instance instead of the database
// connection details. This might be worth looking at in
// the future.
if (w2PgetConfig('debug', 0) > 10) {
$this->_debug = true;
}
parent::gacl_api($opts);
}
function get_object_access( $user_id, $recurse = false ) {
global $_CB_database;
$user_id = (int) $user_id;
if ( checkJversion() == 2 ) {
$levels = $this->_acl->getAuthorisedViewLevels( $user_id );
$return = ( $recurse ? $levels : array_slice( $levels, -1 ) );
} else {
if ( checkJversion() == 1 ) {
$user =& JFactory::getUser();
$user->load( $user_id );
$level = $user->get( 'aid', 0 );
} else {
$user = new mosUser( $_CB_database );
$user->load( $user_id );
$level = $user->gid;
}
$query = 'SELECT ' . $_CB_database->NameQuote( 'id' )
. "\n FROM " . $_CB_database->NameQuote( '#__groups' )
. "\n WHERE " . $_CB_database->NameQuote( 'id' ) . " <= " . (int) $level
. "\n ORDER BY " . $_CB_database->NameQuote( 'id' );
$_CB_database->setQuery( $query );
$levels = $_CB_database->loadResultArray();
for ( $i = 0, $n = count( $levels ); $i < $n; $i++ ) {
$levels[$i] = (int) $levels[$i];
}
$return = ( $recurse ? $levels : array_slice( $levels, -1 ) );
}
return $return;
}
<?php
require_once 'AMP/BaseDB.php';
require_once AMP_PATH_PHPGACL . '/gacl.class.php';
require_once AMP_PATH_PHPGACL . '/gacl_api.class.php';
require_once AMP_PATH_PHPGACL . '/admin/gacl_admin.inc.php';
/*
* Create an array containing your preferred settings, including how to connect to your database.
*/
$gacl_options = array('debug' => $gacl_options['debug'], 'items_per_page' => 100, 'max_select_box_items' => 100, 'max_search_return_items' => 200, 'db_type' => $gacl_options['db_type'], 'db_host' => $gacl_options['db_host'], 'db_user' => $gacl_options['db_user'], 'db_password' => $gacl_options['db_password'], 'db_name' => $gacl_options['db_name'], 'db_table_prefix' => $gacl_options['db_table_prefix'], 'caching' => FALSE, 'force_cache_expire' => TRUE, 'cache_dir' => '/tmp/phpgacl_cache', 'cache_expire_time' => 600);
/*
* Let's get ready to RUMBLE!!!
*/
$gacl_api = new gacl_api($gacl_options);
/*
* Keep in mind, all of this can be done through the Administration Interface via your browser.
*/
/*
* Create an Access Control Object (ACO) section.
* Sections serve no other purpose than to categorize ACOs.
*
* add_object_section($name, $value=0, $order=0, $hidden=0, $object_type=NULL)
*/
$result = $gacl_api->add_object_section('System', 'system', 10, 0, 'ACO');
//Must specifiy Object Type.
if ($result !== FALSE) {
echo "Created ACO section sucessfully. <br>\n";
} else {
echo "Error creating ACO section.<br>\n";
}
unset($result);
$conf = $GLOBALS["CONF"];
$phpgacl = $conf->get_conf("phpgacl_path");
require_once "{$phpgacl}/gacl.class.php";
require_once "{$phpgacl}/gacl_api.class.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link rel="stylesheet" type="text/css" href="../style/style.css"/>
</head>
<body>
<?php
include "../hmenu.php";
$gacl_api = new gacl_api($ACL_OPTIONS);
if (isset($_SERVER['HTTP_REFERER'])) {
?>
<br/>
<center>
<form><input type="button" class="button" onclick="document.location.href='<?php
echo $_SERVER['HTTP_REFERER'];
?>
'" value="<?php
echo _("Back");
?>
"/>
</form>
</center>
<?php
}
<?php
} else {
?>
<td><input type="checkbox" name="reminder[<?php
echo $index;
?>
]]"></td>
<?php
}
?>
<td> </td>
<td>
<?php
//Place the ACO selector here
$gacl_temp = new gacl_api();
$list_aco_objects = $gacl_temp->get_objects(NULL, 0, 'ACO');
foreach ($list_aco_objects as $key => $value) {
asort($list_aco_objects[$key]);
}
echo "<select name='access_control[" . $index . "]'>";
foreach ($list_aco_objects as $section => $array_acos) {
$aco_section_data = $gacl_temp->get_section_data($section, 'ACO');
$aco_section_title = $aco_section_data[3];
foreach ($array_acos as $aco) {
$aco_id = $gacl_temp->get_object_id($section, $aco, 'ACO');
$aco_data = $gacl_temp->get_object_data($aco_id, 'ACO');
$aco_title = $aco_data[0][3];
$select = '';
if ($rule->access_control() == $section . ":" . $aco) {
$select = 'selected';
<?php
global $conf;
global $global;
define('APPROOT', realpath(dirname(__FILE__) . '/../') . '/');
$_SESSION['username'] = '******';
require_once APPROOT . 'conf/sysconf.php';
include APPROOT . '3rd/phpgacl/gacl.class.php';
include APPROOT . '3rd/phpgacl/gacl_api.class.php';
include APPROOT . 'inc/handler_db.inc';
# $gacl= new gacl(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' ));
# $gacl_api = new gacl_api(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' ));
$gacl = new gacl(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
$gacl_api = new gacl_api(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
$g_user_admin = $gacl_api->get_group_id('admin', 'Admin', ' ARO');
$gacl_api->add_object('modules', 'Dashboard', 'dashboard', 8, 0, 'AXO');
$gacl_api->add_acl(array('access' => array('access')), null, array($g_user_admin), array('modules' => array('dashboard')));
// | This file is part of the Openology FrameWork |
// | Copyright (c) 2004-2005 Openology.org Team |
// | |
// | For the full copyright and license information, please view the COPYRIGHT |
// | file that was distributed with this source code. If the COPYRIGHT file is |
// | missing, please visit Openology homepage: http://www.openology.org/ |
// +---------------------------------------------------------------------------+
//
// $Id:
include_once OOO_APP_MODULES . '/page.php';
include_once OOO_APP_CLASSES . '/usergroup.php';
include_once OOO_CORE . '/form/Form.php';
include_once OOO_CORE . '/form/FormController.php';
include_once OOO_LIB . '/phpgacl/gacl.class.php';
include_once OOO_LIB . '/phpgacl/gacl_api.class.php';
$gacl_api = new gacl_api($gacl_options);
if ($op == 'editgroup') {
$group = new usergroup($DB);
$group->id = $_GET['group_id'];
$arr_group = $group->selectusergroup();
$smarty->assign("function_title", 'Edit Group');
} else {
$smarty->assign("function_title", 'Add Group');
}
$arr_data = $gacl_api->get_objects('', 1, 'aco');
$arr_aco = array();
$arr_tmp = $arr_data['system'];
$arr_checked = array();
for ($i = 0; $i < count($arr_tmp); $i++) {
$obj_value = $arr_tmp[$i];
$obj_id = $gacl_api->get_object_id('system', $obj_value, 'aco');
public function act_test()
{
include APPROOT . '3rd/phpgacl/gacl_api.class.php';
// $gacl_api = new gacl_api(array('db'=>$global['db'] , 'db_table_prefix'=>'gacl_'));
$gacl_api = new gacl_api();
$gacl_api->clear_database();
// ARO //
$root_aro = $gacl_api->add_group('root', 'OpenEvSysUser', 0, 'ARO');
$user_group = $gacl_api->add_group('users', 'Users', $root_aro, 'ARO');
$g_user_admin = $gacl_api->add_group('admin', 'Admin', $user_group, ' ARO');
$g_user_analyst = $gacl_api->add_group('analyst', 'Analyst', $user_group, ' ARO');
$g_user_data_entry = $gacl_api->add_group('data_entry', 'Data Entry', $user_group, ' ARO');
$ws_group = $gacl_api->add_group('ws', 'WS', $root_aro, 'ARO');
// ARO sections
$gacl_api->add_object_section('Users', 'users', 1, 0, 'ARO');
//ARO values
$gacl_api->add_object('users', 'Admin', 'admin', 1, 0, 'ARO');
$gacl_api->add_object('users', 'User1', 'user1', 2, 0, 'ARO');
$gacl_api->add_object('users', 'User2', 'user2', 3, 0, 'ARO');
$gacl_api->add_object('users', 'User3', 'user3', 4, 0, 'ARO');
//ACO //
//ACO sections
$gacl_api->add_object_section('CRUD', 'crud', 1, 0, 'ACO');
$gacl_api->add_object_section('Access', 'access', 1, 0, 'ACO');
//ACO values
$gacl_api->add_object('access', 'Access', 'access', 1, 0, 'ACO');
$gacl_api->add_object('crud', 'Create', 'create', 1, 0, 'ACO');
$gacl_api->add_object('crud', 'Read', 'read', 2, 0, 'ACO');
$gacl_api->add_object('crud', 'Update', 'update', 3, 0, 'ACO');
$gacl_api->add_object('crud', 'Delete', 'delete', 4, 0, 'ACO');
// AXO //
$root_axo = $gacl_api->add_group('root', 'root', 0, 'AXO');
$gacl_api->add_group('modules', 'Modules', $root_axo, 'AXO');
$entity_group = $gacl_api->add_group('entities', 'Entities', $root_axo, 'AXO');
$g_entities_primary = $gacl_api->add_group('primary', 'Primary', $entity_group, 'AXO');
$g_entities_linking = $gacl_api->add_group('linking', 'Linking', $entity_group, 'AXO');
$g_entities_additional = $gacl_api->add_group('additional', 'Additional Details', $entity_group, 'AXO');
$g_events = $gacl_api->add_group('events', 'Events', $root_axo, 'AXO');
// AXO sections //
$gacl_api->add_object_section('Modules', 'modules', 1, 0, 'AXO');
$gacl_api->add_object_section('Entities', 'entities', 2, 0, 'AXO');
$gacl_api->add_object_section('Events', 'events', 3, 0, 'AXO');
// AXO values
$gacl_api->add_object('modules', 'Event', 'events', 1, 0, 'AXO');
$gacl_api->add_object('modules', 'Person', 'person', 2, 0, 'AXO');
$gacl_api->add_object('modules', 'Documents', 'docu', 3, 0, 'AXO');
$gacl_api->add_object('modules', 'Home', 'home', 4, 0, 'AXO');
$gacl_api->add_object('modules', 'Help', 'help', 5, 0, 'AXO');
$gacl_api->add_object('modules', 'Admin', 'admin', 6, 0, 'AXO');
$gacl_api->add_object('modules', 'Analysis', 'analysis', 7, 0, 'AXO');
$gacl_api->add_object('entities', 'Event', 'event', 1, 0, 'AXO');
$gacl_api->add_object('entities', 'Person', 'person', 2, 0, 'AXO');
$gacl_api->add_object('entities', 'Document', 'document', 3, 0, 'AXO');
$gacl_api->add_object('entities', 'Information', 'information', 4, 0, 'AXO');
$gacl_api->add_object('entities', 'Involvement', 'involvement', 5, 0, 'AXO');
$gacl_api->add_object('entities', 'Intervention', 'intervention', 6, 0, 'AXO');
$gacl_api->add_object('entities', 'Act', 'act', 7, 0, 'AXO');
$gacl_api->add_object('entities', 'Chain Of Events', 'chain_of_events', 8, 0, 'AXO');
$gacl_api->add_object('entities', 'Biographic Details', 'biographic_details', 9, 0, 'AXO');
// Add Groups
$gacl_api->add_group_object($g_entities_primary, 'entities', 'event', 'AXO');
$gacl_api->add_group_object($g_entities_primary, 'entities', 'person', 'AXO');
$gacl_api->add_group_object($g_entities_primary, 'entities', 'document', 'AXO');
$gacl_api->add_group_object($g_entities_linking, 'entities', 'act', 'AXO');
$gacl_api->add_group_object($g_entities_linking, 'entities', 'information', 'AXO');
$gacl_api->add_group_object($g_entities_linking, 'entities', 'intervention', 'AXO');
$gacl_api->add_group_object($g_entities_linking, 'entities', 'involvement', 'AXO');
$gacl_api->add_group_object($g_entities_linking, 'entities', 'chain_of_events', 'AXO');
$gacl_api->add_group_object($g_entities_additional, 'entities', 'biographic_details', 'AXO');
$gacl_api->add_group_object($g_user_admin, 'users', 'admin', 'ARO');
$gacl_api->add_group_object($g_user_data_entry, 'users', 'user1', 'ARO');
$gacl_api->add_group_object($g_user_analyst, 'users', 'user2', 'ARO');
$gacl_api->add_group_object($g_user_data_entry, 'users', 'user3', 'ARO');
// permissions
$gacl_api->add_acl(array('access' => array('access')), null, array($root_aro), array('modules' => array('home', 'help')));
$gacl_api->add_acl(array('access' => array('access')), null, array($g_user_admin), array('modules' => array('events', 'person', 'docu', 'analysis', 'admin')));
$gacl_api->add_acl(array('access' => array('access')), null, array($g_user_analyst), array('modules' => array('analysis')));
$gacl_api->add_acl(array('access' => array('access')), null, array($g_user_data_entry), array('modules' => array('person', 'events', 'docu')));
$gacl_api->add_acl(array('crud' => array('create', 'read', 'update', 'delete')), null, array($root_aro), array('entities' => array('person', 'event', 'act', 'information', 'intervention', 'involvement', 'chain_of_events', 'biographic_details')));
$gacl_api->add_acl(array('crud' => array('create', 'read', 'update', 'delete')), null, array($root_aro), null, array($g_events));
}
require_once $mosConfig_absolute_path . "/includes/joomla.php";
}
$mainframe = new mosMainFrame($database, 'com_zoom', '..', true);
$mainframe->initSession();
error_reporting(E_ALL);
set_magic_quotes_runtime(0);
if (file_exists($mosConfig_absolute_path . "/version.php")) {
include_once $mosConfig_absolute_path . "/version.php";
} elseif (file_exists($mosConfig_absolute_path . "/includes/version.php")) {
include_once $mosConfig_absolute_path . "/includes/version.php";
}
include_once $mosConfig_absolute_path . "/includes/database.php";
require_once $mosConfig_absolute_path . '/includes/gacl.class.php';
require_once $mosConfig_absolute_path . '/includes/gacl_api.class.php';
$database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix);
$acl = new gacl_api();
if (isset($_REQUEST['uid'])) {
$uid = intval(trim($_REQUEST['uid']));
} else {
if (isset($_REQUEST['dnd_uid'])) {
$uid = intval(trim($_REQUEST['dnd_uid']));
} else {
$uid = '0';
}
}
$my = $mainframe->getUser();
session_start();
$database->setQuery("SELECT id, gid, username, usertype FROM #__users WHERE id={$uid}");
$row = null;
if ($database->loadObject($row)) {
// fudge the group stuff
function return_values_xml($err)
{
global $phpgacl_location;
include_once "{$phpgacl_location}/gacl_api.class.php";
$gacl = new gacl_api();
$returns = array();
$message = "<?xml version=\"1.0\"?>\n" . "<response>\n";
foreach (acl_get_group_title_list() as $value) {
$acl_id = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $value, FALSE, FALSE, FALSE, FALSE);
foreach ($acl_id as $value2) {
$acl = $gacl->get_acl($value2);
$ret = $acl["return_value"];
if (!in_array($ret, $returns)) {
// Modified 6-2009 by BM - Translate return value
$message .= "\t<return>\n";
$message .= "\t\t<returnid>" . $ret . "</returnid>\n";
$message .= "\t\t<returntitle>" . xl($ret) . "</returntitle>\n";
$message .= "\t</return>\n";
array_push($returns, $ret);
}
}
}
if (isset($err)) {
foreach ($err as $value) {
$message .= "\t<error>" . $value . "</error>\n";
}
}
$message .= "</response>\n";
return $message;
}
// | |
// | For the full copyright and license information, please view the COPYRIGHT |
// | file that was distributed with this source code. If the COPYRIGHT file is |
// | missing, please visit Openology homepage: http://www.openology.org/ |
// +---------------------------------------------------------------------------+
//
// $Id:
include_once OOO_LIB . '/phpgacl/gacl.class.php';
include_once OOO_LIB . '/phpgacl/gacl_api.class.php';
if (isset($_POST['user'])) {
$arr_newuser = $_POST['user'];
} else {
$arr_newuser = 0;
}
$id = $_POST['aro_group_id'];
$gacl_api = new gacl_api($gacl_options);
$arr_olduser = $gacl_api->get_group_objects($id, 'aro');
//aro object value
if (count($arr_olduser) && is_array($arr_newuser)) {
$arr_add = array_diff($arr_newuser, $arr_olduser['users']);
$arr_del = array_diff($arr_olduser['users'], $arr_newuser);
foreach ($arr_add as $value) {
$gacl_api->add_group_object($id, 'users', $value, 'aro');
}
foreach ($arr_del as $value) {
$gacl_api->del_group_object($id, 'users', $value, 'aro');
}
} elseif (count($arr_olduser) && !is_array($arr_newuser)) {
$arr_del = $arr_olduser['users'];
foreach ($arr_del as $value) {
$gacl_api->del_group_object($id, 'users', $value, 'aro');
function del_acl($id)
{
gacl_api::del_acl($id);
$this->regeneratePermissions();
}
* The ACL tree for this example is:
* Millennium Falcon Passengers Group
* |-Crew Group
* | |-Han ARO
* | '-Chewie ARO
* '-Passengers Group
* |-Obi-wan ARO
* |-Luke ARO
* |-R2D2 ARO
* '-C3PO ARO
*/
/*
* Initialise the database - by clearing the database.
*/
// Let's get ready to RUMBLE!!!
$gacl_api = new gacl_api($gacl_options);
/*
* Keep in mind, all of this can be done through the Administration Interface via your browser.
*/
/*
* Create an Access Control Object (ACO) section.
* Sections serve no other purpose than to categorize ACOs.
*
* add_object_section($name, $value=0, $order=0, $hidden=0, $object_type=NULL)
*/
$result = $gacl_api->add_object_section('Access', 'access', 10, 0, 'ACO');
//Must specifiy Object Type.
if ($outputDebug == TRUE) {
if ($result !== FALSE) {
echo "Created ACO section sucessfully. <br>\n";
} else {
* | '-Chewie ARO [DENY: Engines] * '-Passengers Group [ALLOW: Lounge] * |- Jedi [ALLOW: Cockpit] | |-Obi-wan ARO * | '-Luke ARO [ALLOW: Guns] * |-R2D2 ARO [ALLOW: Engines] * '-C3PO ARO * */ // Get the phpGACL option settings require_once 'millenniumFalcon.inc'; /* * Initialise the database - by clearing and running the previous examples. */ // Let's get ready to RUMBLE!!! $gacl_api = new gacl_api($gacl_options); /* * Keep in mind, all of this can be done through the Administration Interface via your browser. */ /* * To keep things clear for this stage the process is as follows: * * 1) Add a Jedi ARO Section. * 2) Add the ARO Group for Jedi, with the parent group being Passengers * 3) Edit Obi-wan and Lukes Object to assign the Section to Jedi. * 4) Assign ACL to Jedi ARO Group. * 5) Test! */ /* * Add an ARO Section for Jedi - so we can assign Passengers to this section. */
<?php
global $conf;
global $global;
define('APPROOT', realpath(dirname(__FILE__) . '/../') . '/');
require_once APPROOT . 'conf/sysconf.php';
include APPROOT . '3rd/phpgacl/gacl.class.php';
include APPROOT . '3rd/phpgacl/gacl_api.class.php';
include APPROOT . 'inc/handler_db.inc';
# $gacl= new gacl(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' ));
# $gacl_api = new gacl_api(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' ));
$gacl = new gacl(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
$gacl_api = new gacl_api(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
$gacl_api->clear_database();
// ARO //
$root_aro = $gacl_api->add_group('root', 'OpenEvSysUser', 0, 'ARO');
$user_group = $gacl_api->add_group('users', 'Users', $root_aro, 'ARO');
$g_user_admin = $gacl_api->add_group('admin', 'Admin', $user_group, ' ARO');
$g_user_analyst = $gacl_api->add_group('analyst', 'Analyst', $user_group, ' ARO');
$g_user_data_entry = $gacl_api->add_group('data_entry', 'Data Entry', $user_group, ' ARO');
$ws_group = $gacl_api->add_group('ws', 'WS', $root_aro, 'ARO');
// ARO sections
$gacl_api->add_object_section('Users', 'users', 1, 0, 'ARO');
//ARO values
$gacl_api->add_object('users', 'Admin', 'admin', 1, 0, 'ARO');
//ACO //
//ACO sections
$gacl_api->add_object_section('CRUD', 'crud', 1, 0, 'ACO');
$gacl_api->add_object_section('Access', 'access', 1, 0, 'ACO');
//ACO values
$gacl_api->add_object('access', 'Access', 'access', 1, 0, 'ACO');
$outputDebug = true;
$gacl_api = new gacl_api($gacl_options);
$gacl_api->clear_database();
include 'definingAccessControl.php';
break;
case 'example2':
$outputDebug = false;
$gacl_api = new gacl_api($gacl_options);
$gacl_api->clear_database();
include 'definingAccessControl.php';
$outputDebug = true;
include 'fineGrainAccessControl.php';
break;
case 'example3':
$outputDebug = false;
$gacl_api = new gacl_api($gacl_options);
$gacl_api->clear_database();
include 'definingAccessControl.php';
include 'fineGrainAccessControl.php';
$outputDebug = true;
include 'Multi-levelGroups.php';
break;
default:
include 'welcome.php';
break;
}
?>
</div>
</div>
</div>
<?php
// +---------------------------------------------------------------------------+
// | This file is part of the Openology FrameWork |
// | Copyright (c) 2004-2005 Openology.org Team |
// | |
// | For the full copyright and license information, please view the COPYRIGHT |
// | file that was distributed with this source code. If the COPYRIGHT file is |
// | missing, please visit Openology homepage: http://www.openology.org/ |
// +---------------------------------------------------------------------------+
//
// $Id:
include_once OOO_APP_MODULES . '/page.php';
include_once OOO_APP_CLASSES . '/usergroup.php';
include_once OOO_CORE . '/form/Form.php';
include_once OOO_CORE . '/form/FormController.php';
$gacl_api = new gacl_api($gacl_options);
$arr_data = $gacl_api->get_objects('', 1, 'aco');
$arr_aco = array();
$arr_tmp = $arr_data['system'];
for ($i = 0; $i < count($arr_tmp); $i++) {
$arr_aco[$arr_tmp[$i]] = $arr_tmp[$i];
}
//print_r($arr_aco);
$form = new Form('form1', 'index.php', 'post');
$text1 =& $form->addElement('text');
$text1->setAttribute('id', 'name');
$text2 =& $form->addElement('textarea');
$text2->setAttribute('id', 'description');
$text3 =& $form->addElement('checkbox');
$text3->setAttribute('id', 'permission');
$text3->setAttribute('name', 'permission[]');
function remove()
{
// Remove user, the remove from gacl
$userName = trim($this->request->args[0]);
$users = $this->application->db->query("From UserModel as user where user.name='" . $userName . "'");
$user = $users[0];
$this->application->db->delete($user);
require_once "lib/phpgacl/gacl_api.class.php";
$api = new gacl_api(array());
$id = $api->get_object_id("user", $userName, "ARO");
$api->del_object($id, "ARO");
$this->render("user/removed", array("user" => $userName), "SMARTY");
}
/**
* Wraps the actual acl_query() function.
*
* It is simply here to return TRUE/FALSE accordingly.
* @param string The ACO section value
* @param string The ACO value
* @param string The ARO section value
* @param string The ARO section
* @param string The AXO section value (optional)
* @param string The AXO section value (optional)
* @param integer The group id of the ARO ??Mike?? (optional)
* @param integer The group id of the AXO ??Mike?? (optional)
* @return mixed Generally a zero (0) or (1) or the extended return value of the ACL
*/
function acl_check($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value = NULL, $axo_value = NULL, $root_aro_group = NULL, $root_axo_group = NULL)
{
if ($this->_checkMode === 1) {
return parent::acl_check($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value, $root_aro_group, $root_axo_group);
}
$this->debug_text("\n<br /> ACO={$aco_section_value}:{$aco_value}, ARO={$aro_section_value}:{$aro_value}, AXO={$axo_section_value}|{$axo_value}");
$acl_result = 0;
for ($i = 0; $i < $this->acl_count; $i++) {
$acl =& $this->acl[$i];
if (strcasecmp($aco_section_value, $acl[0]) == 0) {
if (strcasecmp($aco_value, $acl[1]) == 0) {
if (strcasecmp($aro_section_value, $acl[2]) == 0) {
if (strcasecmp($aro_value, $acl[3]) == 0) {
if ($axo_section_value && $acl[4]) {
if (strcasecmp($axo_section_value, $acl[4]) == 0) {
if (strcasecmp($axo_value, $acl[5]) == 0) {
$acl_result = @$acl[6] ? $acl[6] : 1;
break;
}
}
} else {
$acl_result = @$acl[6] ? $acl[6] : 1;
break;
}
}
}
}
}
}
return $acl_result;
}
* The ACL tree at the end of this example will be:
* Millennium Falcon Passengers Group
* |-Crew Group [ALLOW: ALL]
* | |-Han ARO
* | '-Chewie ARO [DENY: Engines]
* '-Passengers Group [ALLOW: Lounge]
* |-Obi-wan ARO
* |-Luke ARO [ALLOW: Guns]
* |-R2D2 ARO [ALLOW: Engines]
* '-C3PO ARO
*/
/*
* Initialise the database - by clearing and running the previous examples.
*/
// Let's get ready to RUMBLE!!!
$gacl_api = new gacl_api($gacl_options);
/*
* Keep in mind, all of this can be done through the Administration Interface via your browser.
*/
/*
* Deny Chewie Access to the Engines!
*/
//Associative array, with Object Section Value => array( Object Value ) pairs.
$aco_array = array('access' => array('engines'));
$aro_array = array('crew' => array('chewie'));
$allow = FALSE;
$enabled = TRUE;
$return_value = NULL;
$note = "Denying Chewie access to the engines!";
//The NULL values are for the more advanced options such as groups, and AXOs. Refer to the manual for more info.
$result = $gacl_api->add_acl($aco_array, $aro_array, NULL, NULL, NULL, $allow, $enabled, $return_value, $note);
// Accounting
//
// Upgrade Howto
// When upgrading to a new version of OpenEMR, run the acl_upgrade.php
// script to update the phpGACL access controls. This is required to
// ensure the database includes all the required Access Control
// Objects(ACO).
//
// On 06/2009, added pertinent comments below each entry to allow capture
// of these terms by the translation engine.
require_once dirname(__FILE__) . '/library/acl.inc';
if (!$phpgacl_location) {
die("You must first set up library/acl.inc to use phpGACL!");
}
require_once "{$phpgacl_location}/gacl_api.class.php";
$gacl = new gacl_api();
// Create the ACO sections. Every ACO must have a section.
//
if ($gacl->add_object_section('Accounting', 'acct', 10, 0, 'ACO') === FALSE) {
echo "Unable to create the access controls for OpenEMR. You have likely already run this script (acl_setup.php) successfully.<br>Other possible problems include php-GACL configuration file errors (gacl.ini.php or gacl.class.php).<br>";
return;
}
// xl('Accounting')
$gacl->add_object_section('Administration', 'admin', 10, 0, 'ACO');
// xl('Administration')
$gacl->add_object_section('Encounters', 'encounters', 10, 0, 'ACO');
// xl('Encounters')
$gacl->add_object_section('Lists', 'lists', 10, 0, 'ACO');
// xl('Lists')
$gacl->add_object_section('Patients', 'patients', 10, 0, 'ACO');
// xl('Patients')
if (file_exists(APPROOT . '3rd/Zend/ ' . $class_name . '.php')) {
require_once APPROOT . '3rd/Zend/ ' . $class_name . '.php';
}
if (file_exists(APPROOT . 'data/' . $class_name . '.php')) {
require_once APPROOT . 'data/' . $class_name . '.php';
}
}
}
spl_autoload_register(array('AutoLoadClass', '__autoload'));
//include(APPROOT.'3rd/phpgacl/gacl.class.php');
include APPROOT . '3rd/phpgacl/gacl_api.class.php';
include APPROOT . 'inc/handler_db.inc';
# $gacl= new gacl(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' ));
# $gacl_api = new gacl_api(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' ));
$gacl = new gacl(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
$gacl_api = new gacl_api(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
$root_aro = $gacl_api->get_group_id('root', 'OpenEvSysUser', 'ARO');
//var_dump('root_aro' , $root_aro); exit(0);
$root_axo = $gacl_api->get_group_id('root', 'root', 'AXO');
//var_dump($root_axo);
$g_person = $gacl_api->add_group('person', 'Person', $root_axo, 'AXO');
$gacl_api->add_object_section('Person', 'person', 3, 0, 'AXO');
$gacl_api->add_acl(array('access' => array('access')), null, array($root_aro), null, array($g_person));
$persons = Browse::getPersonConf();
//var_dump($persons); exit(0);
foreach ($persons as $person) {
acl_add_person($person['person_record_number']);
//if event is marked as confidential limit it to this user and admin.
if ($person['confidentiality'] == 'y') {
acl_set_person_permissions($person['person_record_number']);
}
// | file that was distributed with this source code. If the COPYRIGHT file is |
// | missing, please visit Openology homepage: http://www.openology.org/ |
// +---------------------------------------------------------------------------+
//
// $Id:
include_once OOO_APP_MODULES . '/page.php';
include_once OOO_APP_CLASSES . '/usergroup.php';
include_once OOO_APP_CLASSES . '/user.php';
include_once OOO_CORE . '/form/Form.php';
include_once OOO_CORE . '/form/FormController.php';
include_once OOO_CORE . '/gui/SmartyUtil.php';
include_once OOO_LIB . '/phpgacl/gacl.class.php';
include_once OOO_LIB . '/phpgacl/gacl_api.class.php';
$group_id = $_GET['id'];
//group_id
$gacl_api = new gacl_api($gacl_options);
$id = $gacl_api->get_group_id($group_id, $group_id, 'ARO');
//aro group_id
$arr_user = $gacl_api->get_group_objects($id, 'aro');
//aro object value
$group = new usergroup($DB);
if (is_array($arr_user)) {
if (count($arr_user)) {
$arr_in = $group->selectInUser($arr_user['users'], 1);
$arr_out = $group->selectInUser($arr_user['users'], 0);
} else {
$user = new user($DB);
$arr_out = $user->selectAlluser(1000, 1);
}
}
$smartyutil = new SmartyUtil();
// | This file is part of the Openology FrameWork |
// | Copyright (c) 2004-2005 Openology.org Team |
// | |
// | For the full copyright and license information, please view the COPYRIGHT |
// | file that was distributed with this source code. If the COPYRIGHT file is |
// | missing, please visit Openology homepage: http://www.openology.org/ |
// +---------------------------------------------------------------------------+
//
// $Id:
include_once OOO_APP_MODULES . '/page.php';
include_once OOO_APP_CLASSES . '/usergroup.php';
include_once OOO_CORE . '/form/Form.php';
include_once OOO_CORE . '/form/FormController.php';
include_once OOO_LIB . '/phpgacl/gacl.class.php';
include_once OOO_LIB . '/phpgacl/gacl_api.class.php';
$gacl_api = new gacl_api($gacl_options);
$usergroup = new usergroup($DB);
if ($op == 'deletegroup') {
$arr_id = $_POST['delete'];
for ($i = 0; $i < count($arr_id); $i++) {
$usergroup->id = $arr_id[$i];
$usergroup->deleteusergroup();
$id = $gacl_api->get_group_id($group->id, $group->id, 'ARO');
$gacl_api->del_group($id, true, 'ARO');
}
} else {
$usergroup->name = $_POST['name'];
$usergroup->description = $_POST['description'];
$aco_array = array();
$aco_array['system'] = array();
$aco_array['system'] = $_POST['permission'];
function get_group_children_tree($root_id = null, $root_name = null, $inclusive = true)
{
global $database;
$tree = gacl_api::_getBelow('#__core_acl_aro_groups', 'g1.group_id, g1.name, COUNT(g2.name) AS level', 'g1.name', $root_id, $root_name, $inclusive);
// first pass get level limits
$n = count($tree);
$min = $tree[0]->level;
$max = $tree[0]->level;
for ($i = 0; $i < $n; $i++) {
$min = min($min, $tree[$i]->level);
$max = max($max, $tree[$i]->level);
}
$indents = array();
foreach (range($min, $max) as $i) {
$indents[$i] = ' ';
}
// correction for first indent
$indents[$min] = '';
$list = array();
for ($i = $n - 1; $i >= 0; $i--) {
$shim = '';
foreach (range($min, $tree[$i]->level) as $j) {
$shim .= $indents[$j];
}
if (@$indents[$tree[$i]->level + 1] == '. ') {
$twist = ' ';
} else {
$twist = "- ";
}
//$list[$i] = $tree[$i]->level.$shim.$twist.$tree[$i]->name;
$list[$i] = mosHTML::makeOption($tree[$i]->group_id, $shim . $twist . $tree[$i]->name);
if ($tree[$i]->level < @$tree[$i - 1]->level) {
$indents[$tree[$i]->level + 1] = '. ';
}
}
ksort($list);
return $list;
}
public function act_permissions()
{
global $global;
include_once APPROOT . '3rd/phpgacl/gacl_api.class.php';
$gacl = new gacl_api(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
//select role
$this->roles = acl_get_roles();
if (isset($_REQUEST['role'])) {
$this->role = $_REQUEST['role'];
}
//change role if requested
if (isset($_POST['change_role'])) {
$this->role = $_POST['role'];
}
if (!array_key_exists($this->role, $this->roles)) {
$this->role = key($this->roles);
}
$role_id = $gacl->get_group_id($this->role, NULL, 'ARO');
$role_name = $gacl->get_group_data($role_id, 'ARO');
$role_name = $role_name[3];
//list accessible modules
$options = $gacl->get_objects('crud', 0, 'ACO');
$this->crud = $options['crud'];
$group_id = $gacl->get_group_id('entities', 'Entities', 'AXO');
$entity_groups = $gacl->get_group_children($group_id, 'AXO', 'NO_RECURSE');
$this->entity_groups = array();
foreach ($entity_groups as $id) {
$group = $gacl->get_group_data($id, 'AXO');
$this->entity_groups[$group[2]] = _t($group[3]);
}
//get the deny list
$acl_list = array();
$this->select = array();
foreach ($this->entity_groups as $key => $group) {
$acl_id = $gacl->search_acl('crud', FALSE, FALSE, FALSE, $role_name, FALSE, FALSE, $group, FALSE);
if ($acl_id) {
$acl_list = array_merge($acl_list, $acl_id);
}
$acl = $gacl->get_acl($acl_id[0]);
if ($acl['allow'] == 0) {
$crud = $acl['aco']['crud'];
}
foreach ($this->crud as $opt) {
$this->select[$key . "_" . $opt] = true;
if (is_array($crud) && in_array($opt, $crud)) {
$this->select[$key . "_" . $opt] = false;
}
}
}
//list accessible entities
if ($_POST['change_permissions']) {
if ($this->role == 'admin') {
shnMessageQueue::addInformation(_t('YOU_CANNOT_CHANGE_THE_ADMINISTRATOR_PERMISSIONS_'));
} else {
$this->select = array();
foreach ($this->entity_groups as $key => $group) {
$crud = array();
foreach ($this->crud as $opt) {
if (!isset($_POST[$key . '_' . $opt])) {
array_push($crud, $opt);
}
$this->select[$key . "_" . $opt] = true;
if (is_array($crud) && in_array($opt, $crud)) {
$this->select[$key . "_" . $opt] = false;
}
}
$axo_id = $gacl->get_group_id($key, $group, 'AXO');
if (count($crud) > 0) {
$gacl->add_acl(array('crud' => $crud), NULL, array($role_id), NULL, array($axo_id), 0, 1);
}
}
//delete previous acls
foreach ($acl_list as $acl_id) {
$gacl->del_acl($acl_id);
}
}
}
}
