/**
  * hasPerm
  *
  * checks if a user has permission to read/write
  * a file in the user files directory.
  *
  * $rw defines what permissions are being checked
  * and must be one of the following:
  *
  * r - read
  * w - write
  * v - view (checks if the file is public/private)
  *
  *
  * checks can be performed on a specific user using
  * $id, defaults to current user
  *
  * @param string|int $path
  * @param string $rw one of 'r', 'w' or 'v'
  * @param int|false $id user to check; false (the default) means the current user
  * @access public
  * @return bool
  */
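 public function hasPerm($path, $rw = 'r', $id = false)
 {
     // Reject paths that fail validation before any lookup is made.
     if (!self::checkPath($path)) {
         return $this->setError(4, $path);
     }

     $file = $this->getFile($path);
     $User = User::getInstance($id);

     // No record for $path means this is a "may I create it?" check, so the
     // decision is made against the parent directory's record instead.
     $new = false;
     if (!$file) {
         $new = true;
         $file = $this->getFile(dirname($path));
         if (!$file) {
             return $this->setError(4, $path);
         }
     }

     // Per-file ACLs: each side holds a 'users' and a 'groups' list.
     list($read, $write) = split_perm($file['perm']);

     switch ($rw) {
         case 'v':
             // Visibility: super users see everything, everyone else only
             // sees files flagged public. No login is required here.
             if ($User && $User->isSuperUser()) {
                 return true;
             }
             if ($file['public'] == 1) {
                 return true;
             }
             return $this->setError(3, $file['name']);

         case 'r':
         case 'w':
             // Read and write share one code path so the two checks cannot
             // drift apart; only the ACL consulted, the system-file guard and
             // the failure code differ. Anything that is not 'r' is treated
             // as the stricter write check.
             $writing = !($rw == 'r');

             // Anonymous visitors never get read or write access.
             if (!$User) {
                 return $this->setError(9);
             }

             // System files/folders (owner 0) are never writable, not even by
             // super users. Skipped when $file is the parent of a new file.
             // NOTE(review): this passes the whole $file row to setError()
             // while every other call passes a name or path - confirm intent.
             if ($writing && !$new && $file['owner'] == 0) {
                 return $this->setError(8, $file);
             }

             if ($User->isSuperUser()) {
                 return true;
             }

             // Without the general file-management permission nothing below applies.
             if (!$User->hasPerm('f')) {
                 return $this->setError(12);
             }

             // Owners always have access to their own files.
             if ($file['owner'] == $User->id()) {
                 return true;
             }

             // NOTE(review): the in_array() calls below compare loosely.
             // Presumably ids arrive as strings from the database; if so,
             // normalise both sides to int and pass true as third argument
             // so values such as '' or '1e1' cannot match an id by accident.
             $acl = $writing ? $write : $read;

             // Explicit per-user grant on the file.
             if (in_array($User->id(), $acl['users'])) {
                 return true;
             }

             // Grant through one of the user's groups.
             foreach ($User->groups() as $groupId) {
                 if (in_array($groupId, $acl['groups'])) {
                     return true;
                 }
             }

             // Administrative rights over the file's owner.
             list($u_read, $u_write) = $User->filePerm();
             $adminAcl = $writing ? $u_write : $u_read;
             if (in_array($file['owner'], $adminAcl['users'])) {
                 return true;
             }

             // Administrative rights over a group the owner belongs to.
             // getInstance() can return a falsy value (see the login check
             // above), e.g. when the owner cannot be resolved; in that case
             // deny instead of failing on a method call on a non-object.
             // NOTE(review): $id = false means "current user" for this
             // method; confirm getInstance() does not treat an owner of 0
             // the same way, otherwise the caller's own groups are tested.
             $Owner = User::getInstance($file['owner']);
             if ($Owner) {
                 foreach ($Owner->groups() as $groupId) {
                     if (in_array($groupId, $adminAcl['groups'])) {
                         return true;
                     }
                 }
             }

             // Nothing granted access: 2 = write denied, 1 = read denied.
             return $this->setError($writing ? 2 : 1, $file['name']);

         default:
             // Unknown mode: deny explicitly rather than falling off the end
             // of the method and returning null.
             return false;
     }
 }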
Exemple #2
 /**
  * __construct
  *
  * constructor for the group class
  *
  * @param int|array $group
  * @access private
  * @return void
  */
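 private function __construct($group)
 {
     // $group is either an already-fetched row (array) or a group id that
     // still has to be looked up.
     if (!is_array($group)) {
         // The id is concatenated into the SQL text, so force it to an
         // integer first; anything non-numeric becomes 0 instead of being
         // interpreted as SQL. Prefer a bound parameter if row() offers one.
         $group = row('select * from ' . DB_GROUPS . ' where id=' . (int) $group);
     }

     // NOTE(review): nothing here checks that row() found a record; confirm
     // what it returns for an unknown id before relying on these fields.
     $this->id = $group['id'];
     $this->name = $group['name'];
     // 'perm' is stored as a comma-separated list.
     $this->perm = explode(',', $group['perm']);
     $this->file_perm = split_perm($group['file_perm']);
 }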