/**
 * PHP 4-style constructor for the dotProject ACL wrapper.
 *
 * Overlays the database and cache settings read through dPgetConfig() onto
 * the caller's options, attaches the shared $db handle, and passes the result
 * to the gacl_api constructor.
 *
 * @param array|null $opts Optional phpGACL options; any non-array value is
 *                         replaced by an empty array. Keys set below are
 *                         overwritten even when the caller supplied them.
 */
function dPacl($opts = null)
{
    global $db;

    $settings = is_array($opts) ? $opts : array();

    // Configuration values always win over what the caller passed in.
    $fromConfig = array(
        'db_type' => dPgetConfig('dbtype'),
        'db_host' => dPgetConfig('dbhost'),
        'db_user' => dPgetConfig('dbuser'),
        'db_password' => dPgetConfig('dbpass'),
        'db_name' => dPgetConfig('dbname'),
        'caching' => dPgetConfig('gacl_cache', false),
        'force_cache_expire' => dPgetConfig('gacl_expire', true),
        // NOTE(review): when 'gacl_cache_dir' is not configured the cache
        // directory falls back to '/tmp'. If caching is switched on, confirm
        // that other local accounts cannot read or replace what is stored there.
        'cache_dir' => dPgetConfig('gacl_cache_dir', '/tmp'),
        'cache_expire_time' => dPgetConfig('gacl_timeout', 600),
    );
    foreach ($fromConfig as $optionName => $optionValue) {
        $settings[$optionName] = $optionValue;
    }

    // Reuse the connection the application already holds.
    // (An ADODB instance could be passed instead of the connection details;
    // the original author left that as a future improvement.)
    $settings['db'] = $db;

    // Debug output is only enabled for configured debug levels above 10.
    if (dPgetConfig('debug', 0) > 10) {
        $this->_debug = true;
    }

    parent::gacl_api($settings);
}
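/**
 * Tells whether the current user's group appears in a comma-separated list.
 *
 * The group is resolved once per request (cached in a static) using the
 * lookup that matches JCOMMENTS_JVERSION. 29 is the fallback group id used
 * on the 1.0 / 1.5 branches when there is no logged-in user or no group.
 *
 * The membership test compares trimmed strings strictly. The previous loose
 * in_array() let an unresolved group (null) match an empty list entry such
 * as the one produced by a trailing comma, and on PHP versions before 8 a
 * numeric 0 matched any non-numeric entry.
 *
 * @param string $str Comma-separated group ids that are allowed.
 * @return int 1 when the user's group is listed, 0 otherwise.
 */
function check($str)
{
    static $group = null;

    if (empty($str)) {
        return 0;
    }

    $user = JCommentsFactory::getUser();
    $list = array_map('trim', explode(',', $str));

    if ($group === null) {
        if (JCOMMENTS_JVERSION == '1.0') {
            if ($user->id) {
                $acl = new gacl_api();
                $aroGroup = $acl->getAroGroup($user->id);
                $group = $aroGroup->group_id ? $aroGroup->group_id : 29;
            } else {
                $group = 29;
            }
        } elseif (JCOMMENTS_JVERSION == '1.5') {
            $group = $user->id ? $user->gid : 29;
        } elseif (JCOMMENTS_JVERSION == '1.7') {
            if ($user->id) {
                $db = JFactory::getDbo();
                // Pick the user's group with the highest lft value; the id
                // is cast to int before it is placed in the WHERE clause.
                $query = $db->getQuery(true)
                    ->select('a.id')
                    ->from('#__user_usergroup_map AS map')
                    ->leftJoin('#__usergroups AS a ON a.id = map.group_id')
                    ->where('map.user_id = ' . (int) $user->id)
                    ->order('a.lft desc');
                $db->setQuery($query, 0, 1);
                $group = $db->loadResult();
            } else {
                $group = JComponentHelper::getParams('com_users')->get('guest_usergroup', 1);
            }
        }
    }

    // A group that could not be resolved must never grant access.
    $needle = trim((string) $group);
    if ($needle === '') {
        return 0;
    }

    return in_array($needle, $list, true) ? 1 : 0;
}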
/**
 * Builds the phpGACL option set from the web2Project configuration and
 * passes it to the gacl_api constructor.
 *
 * @param array|null $opts Optional phpGACL options; a non-array value is
 *                         treated as an empty array. Keys set here replace
 *                         any the caller supplied.
 */
public function __construct($opts = null)
{
    global $db;

    $options = is_array($opts) ? $opts : array();

    // Connection details are always taken from the application config.
    $options['db_type'] = w2PgetConfig('dbtype');
    $options['db_host'] = w2PgetConfig('dbhost');
    $options['db_user'] = w2PgetConfig('dbuser');
    $options['db_password'] = w2PgetConfig('dbpass');
    $options['db_name'] = w2PgetConfig('dbname');

    // ACL tables use the application prefix followed by this class's own prefix.
    $tablePrefix = w2PgetConfig('dbprefix') . $this->_db_acl_prefix;
    $options['db_table_prefix'] = $tablePrefix;

    // Hand over the connection the application already opened.
    $options['db'] = $db;

    // Debugging is switched on only for configured debug levels above 10.
    $debugLevel = w2PgetConfig('debug', 0);
    if ($debugLevel > 10) {
        $this->_debug = true;
    }

    parent::gacl_api($options);
}
/**
 * PHP 4-style constructor: copies the database settings from the global
 * $dPconfig array into the phpGACL options and calls the gacl_api constructor.
 *
 * @param array|null $opts Optional phpGACL options; a non-array value is
 *                         treated as an empty array. The db_* keys are always
 *                         overwritten from $dPconfig.
 */
function dPacl($opts = null)
{
    global $dPconfig;

    $settings = is_array($opts) ? $opts : array();

    // phpGACL option name => $dPconfig key it is copied from.
    $copied = array(
        'db_type' => 'dbtype',
        'db_host' => 'dbhost',
        'db_user' => 'dbuser',
        'db_password' => 'dbpass',
        'db_name' => 'dbname',
    );
    foreach ($copied as $optionName => $configKey) {
        $settings[$optionName] = $dPconfig[$configKey];
    }

    // An ADODB instance could be passed instead of the connection details;
    // the original author left that as a possible future change.

    // Debugging is switched on only for configured debug levels above 10.
    if ($dPconfig['debug'] > 10) {
        $this->_debug = true;
    }

    parent::gacl_api($settings);
}
/**
 * Old-style initialiser that mirrors the constructor: fills the phpGACL
 * options from the web2Project configuration and calls gacl_api().
 *
 * @param array|null $opts Optional phpGACL options; a non-array value is
 *                         treated as an empty array. Keys set here replace
 *                         any the caller supplied.
 */
public function w2Pacl($opts = null)
{
    global $db;

    if (!is_array($opts)) {
        $opts = array();
    }

    // Everything below is read from the configuration, in this order.
    $configured = array(
        'db_type' => w2PgetConfig('dbtype'),
        'db_host' => w2PgetConfig('dbhost'),
        'db_user' => w2PgetConfig('dbuser'),
        'db_password' => w2PgetConfig('dbpass'),
        'db_name' => w2PgetConfig('dbname'),
        'db_table_prefix' => w2PgetConfig('dbprefix') . $this->_db_acl_prefix,
    );
    foreach ($configured as $name => $value) {
        $opts[$name] = $value;
    }

    // The already-open connection is passed along with the details above.
    // (Passing only an ADODB instance was noted by the author as a possible
    // future simplification.)
    $opts['db'] = $db;

    if (w2PgetConfig('debug', 0) > 10) {
        $this->_debug = true;
    }

    parent::gacl_api($opts);
}
/**
 * Returns the access level ids that apply to a user.
 *
 * When checkJversion() is 2 the levels come from getAuthorisedViewLevels().
 * Otherwise the user's level is read ('aid' when checkJversion() is 1, 'gid'
 * in the remaining case) and every #__groups id up to that level is selected.
 *
 * @param int  $user_id Id of the user to look up (cast to int here).
 * @param bool $recurse True to return every level, false for only the last one.
 * @return array The level ids, or a one-element slice holding the last of them.
 */
function get_object_access( $user_id, $recurse = false ) {
	global $_CB_database;

	$user_id = (int) $user_id;

	if ( checkJversion() == 2 ) {
		$levels = $this->_acl->getAuthorisedViewLevels( $user_id );

		return ( $recurse ? $levels : array_slice( $levels, -1 ) );
	}

	if ( checkJversion() == 1 ) {
		// NOTE(review): load() is called on the object that JFactory::getUser()
		// returns when no id is passed. If that object is the shared
		// current-user instance, loading another user's record into it changes
		// who the rest of the request believes is logged in - confirm.
		$user =& JFactory::getUser();
		$user->load( $user_id );
		$level = $user->get( 'aid', 0 );
	} else {
		$user = new mosUser( $_CB_database );
		$user->load( $user_id );
		$level = $user->gid;
	}

	// Identifiers go through NameQuote() and the level is cast to int, so no
	// caller-supplied text reaches the statement.
	$sqlParts = array(
		'SELECT ' . $_CB_database->NameQuote( 'id' ),
		"\n FROM " . $_CB_database->NameQuote( '#__groups' ),
		"\n WHERE " . $_CB_database->NameQuote( 'id' ) . " <= " . (int) $level,
		"\n ORDER BY " . $_CB_database->NameQuote( 'id' ),
	);
	$_CB_database->setQuery( implode( '', $sqlParts ) );
	$levels = $_CB_database->loadResultArray();

	// Normalise every id to an integer.
	$total = count( $levels );
	for ( $pos = 0; $pos < $total; $pos++ ) {
		$levels[$pos] = (int) $levels[$pos];
	}

	return ( $recurse ? $levels : array_slice( $levels, -1 ) );
}
<?php
require_once 'AMP/BaseDB.php';
require_once AMP_PATH_PHPGACL . '/gacl.class.php';
require_once AMP_PATH_PHPGACL . '/gacl_api.class.php';
require_once AMP_PATH_PHPGACL . '/admin/gacl_admin.inc.php';

/*
 * Rebuild the phpGACL settings. The debug flag and the database connection
 * values are carried over from the $gacl_options that is already in scope
 * (presumably set by one of the files required above - confirm); paging
 * limits and cache settings are fixed here.
 */
$gacl_options = array(
    'debug' => $gacl_options['debug'],
    'items_per_page' => 100,
    'max_select_box_items' => 100,
    'max_search_return_items' => 200,
    'db_type' => $gacl_options['db_type'],
    'db_host' => $gacl_options['db_host'],
    'db_user' => $gacl_options['db_user'],
    'db_password' => $gacl_options['db_password'],
    'db_name' => $gacl_options['db_name'],
    'db_table_prefix' => $gacl_options['db_table_prefix'],
    // Caching is off; the directory below only matters if it is turned on.
    'caching' => FALSE,
    'force_cache_expire' => TRUE,
    'cache_dir' => '/tmp/phpgacl_cache',
    'cache_expire_time' => 600,
);

$gacl_api = new gacl_api($gacl_options);

/*
 * Everything done below can also be done through the administration
 * interface in the browser.
 */

/*
 * Create an Access Control Object (ACO) section. Sections only serve to
 * categorise ACOs.
 *
 * add_object_section($name, $value=0, $order=0, $hidden=0, $object_type=NULL)
 */
$result = $gacl_api->add_object_section('System', 'system', 10, 0, 'ACO'); // The object type must be given.

// Anything other than a strict FALSE counts as success.
echo ($result !== FALSE)
    ? "Created ACO section sucessfully. <br>\n"
    : "Error creating ACO section.<br>\n";

unset($result);
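// Locate phpGACL through the application configuration and load its classes.
$conf = $GLOBALS["CONF"];
$phpgacl = $conf->get_conf("phpgacl_path");
require_once "{$phpgacl}/gacl.class.php";
require_once "{$phpgacl}/gacl_api.class.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link rel="stylesheet" type="text/css" href="../style/style.css"/>
</head>
<body>
<?php
include "../hmenu.php";
$gacl_api = new gacl_api($ACL_OPTIONS);

// The Referer header is supplied by the client, so it is untrusted input.
// It used to be echoed verbatim into a JavaScript string inside an HTML
// attribute, where a quote character could break out of the string.
// It is now accepted only when it is an http(s) URL, encoded as a JavaScript
// string literal, and HTML-escaped at the point of output.
$back_js = false;
if (isset($_SERVER['HTTP_REFERER']) && preg_match('#^https?://#i', $_SERVER['HTTP_REFERER'])) {
    // json_encode() returns false when the value is not valid UTF-8; the
    // button is then left out.
    $back_js = json_encode($_SERVER['HTTP_REFERER']);
}

if ($back_js !== false) { ?>
<br/>
<center>
<form><input type="button" class="button" onclick="document.location.href=<?php echo htmlspecialchars($back_js, ENT_QUOTES, 'UTF-8'); ?>" value="<?php echo _("Back"); ?> "/>
</form>
</center>
<?php }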
<?php } else { ?> <td><input type="checkbox" name="reminder[<?php echo $index; ?> ]]"></td> <?php } ?> <td> </td> <td> <?php //Place the ACO selector here $gacl_temp = new gacl_api(); $list_aco_objects = $gacl_temp->get_objects(NULL, 0, 'ACO'); foreach ($list_aco_objects as $key => $value) { asort($list_aco_objects[$key]); } echo "<select name='access_control[" . $index . "]'>"; foreach ($list_aco_objects as $section => $array_acos) { $aco_section_data = $gacl_temp->get_section_data($section, 'ACO'); $aco_section_title = $aco_section_data[3]; foreach ($array_acos as $aco) { $aco_id = $gacl_temp->get_object_id($section, $aco, 'ACO'); $aco_data = $gacl_temp->get_object_data($aco_id, 'ACO'); $aco_title = $aco_data[0][3]; $select = ''; if ($rule->access_control() == $section . ":" . $aco) { $select = 'selected';
<?php
// Maintenance script: registers the 'dashboard' module as an AXO and lets the
// 'admin' ARO group access it.
global $conf, $global;

define('APPROOT', realpath(dirname(__FILE__) . '/../') . '/');

// NOTE(review): a fixed user name is written into the session before the
// configuration is loaded (the value is shown masked on this page). Nothing
// in this script restricts who may run it - confirm it cannot be reached
// through the web server.
$_SESSION['username'] = '******';

require_once APPROOT . 'conf/sysconf.php';
include APPROOT . '3rd/phpgacl/gacl.class.php';
include APPROOT . '3rd/phpgacl/gacl_api.class.php';
include APPROOT . 'inc/handler_db.inc';

// Earlier variant, kept for reference: connect with explicit credentials
// instead of reusing the open handle.
# $gacl= new gacl(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' ));
# $gacl_api = new gacl_api(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' ));

// Both objects reuse the application's database handle and the 'gacl_' prefix.
$gacl = new gacl(
    array(
        'db' => $global['db'],
        'db_table_prefix' => 'gacl_',
    )
);
$gacl_api = new gacl_api(
    array(
        'db' => $global['db'],
        'db_table_prefix' => 'gacl_',
    )
);

// Look up the admin ARO group (the type string carries a leading space in the original).
$g_user_admin = $gacl_api->get_group_id('admin', 'Admin', ' ARO');

// Register the dashboard module.
$gacl_api->add_object('modules', 'Dashboard', 'dashboard', 8, 0, 'AXO');

// ACO access/access, no individual AROs, the admin ARO group, AXO modules/dashboard.
$gacl_api->add_acl(
    array('access' => array('access')),
    null,
    array($g_user_admin),
    array('modules' => array('dashboard'))
);
// | This file is part of the Openology FrameWork | // | Copyright (c) 2004-2005 Openology.org Team | // | | // | For the full copyright and license information, please view the COPYRIGHT | // | file that was distributed with this source code. If the COPYRIGHT file is | // | missing, please visit Openology homepage: http://www.openology.org/ | // +---------------------------------------------------------------------------+ // // $Id: include_once OOO_APP_MODULES . '/page.php'; include_once OOO_APP_CLASSES . '/usergroup.php'; include_once OOO_CORE . '/form/Form.php'; include_once OOO_CORE . '/form/FormController.php'; include_once OOO_LIB . '/phpgacl/gacl.class.php'; include_once OOO_LIB . '/phpgacl/gacl_api.class.php'; $gacl_api = new gacl_api($gacl_options); if ($op == 'editgroup') { $group = new usergroup($DB); $group->id = $_GET['group_id']; $arr_group = $group->selectusergroup(); $smarty->assign("function_title", 'Edit Group'); } else { $smarty->assign("function_title", 'Add Group'); } $arr_data = $gacl_api->get_objects('', 1, 'aco'); $arr_aco = array(); $arr_tmp = $arr_data['system']; $arr_checked = array(); for ($i = 0; $i < count($arr_tmp); $i++) { $obj_value = $arr_tmp[$i]; $obj_id = $gacl_api->get_object_id('system', $obj_value, 'aco');
/**
 * Wipes the phpGACL tables and seeds them with a fixed set of groups,
 * sections, objects and ACLs.
 *
 * NOTE(review): clear_database() runs unconditionally and no permission
 * check is visible inside this method. If act_* methods can be reached as
 * request actions, calling this one resets the whole access-control setup -
 * confirm it is not exposed outside development.
 */
public function act_test()
{
    include APPROOT . '3rd/phpgacl/gacl_api.class.php';
    // $gacl_api = new gacl_api(array('db'=>$global['db'] , 'db_table_prefix'=>'gacl_'));
    $api = new gacl_api();
    $api->clear_database();

    // --- ARO (requesters) -------------------------------------------------
    // Some type strings carry a leading space; they are passed through as written.
    $rootAro = $api->add_group('root', 'OpenEvSysUser', 0, 'ARO');
    $usersGroup = $api->add_group('users', 'Users', $rootAro, 'ARO');
    $adminGroup = $api->add_group('admin', 'Admin', $usersGroup, ' ARO');
    $analystGroup = $api->add_group('analyst', 'Analyst', $usersGroup, ' ARO');
    $dataEntryGroup = $api->add_group('data_entry', 'Data Entry', $usersGroup, ' ARO');
    $api->add_group('ws', 'WS', $rootAro, 'ARO');

    $api->add_object_section('Users', 'users', 1, 0, 'ARO');

    // Rows are: section value, display name, object value, order, object type.
    $aroObjects = array(
        array('users', 'Admin', 'admin', 1, 'ARO'),
        array('users', 'User1', 'user1', 2, 'ARO'),
        array('users', 'User2', 'user2', 3, 'ARO'),
        array('users', 'User3', 'user3', 4, 'ARO'),
    );
    foreach ($aroObjects as $row) {
        $api->add_object($row[0], $row[1], $row[2], $row[3], 0, $row[4]);
    }

    // --- ACO (actions) ----------------------------------------------------
    $api->add_object_section('CRUD', 'crud', 1, 0, 'ACO');
    $api->add_object_section('Access', 'access', 1, 0, 'ACO');

    $acoObjects = array(
        array('access', 'Access', 'access', 1, 'ACO'),
        array('crud', 'Create', 'create', 1, 'ACO'),
        array('crud', 'Read', 'read', 2, 'ACO'),
        array('crud', 'Update', 'update', 3, 'ACO'),
        array('crud', 'Delete', 'delete', 4, 'ACO'),
    );
    foreach ($acoObjects as $row) {
        $api->add_object($row[0], $row[1], $row[2], $row[3], 0, $row[4]);
    }

    // --- AXO (things acted upon) -------------------------------------------
    $rootAxo = $api->add_group('root', 'root', 0, 'AXO');
    $api->add_group('modules', 'Modules', $rootAxo, 'AXO');
    $entitiesGroup = $api->add_group('entities', 'Entities', $rootAxo, 'AXO');
    $primaryGroup = $api->add_group('primary', 'Primary', $entitiesGroup, 'AXO');
    $linkingGroup = $api->add_group('linking', 'Linking', $entitiesGroup, 'AXO');
    $additionalGroup = $api->add_group('additional', 'Additional Details', $entitiesGroup, 'AXO');
    $eventsGroup = $api->add_group('events', 'Events', $rootAxo, 'AXO');

    // Rows are: display name, section value, order.
    $axoSections = array(
        array('Modules', 'modules', 1),
        array('Entities', 'entities', 2),
        array('Events', 'events', 3),
    );
    foreach ($axoSections as $row) {
        $api->add_object_section($row[0], $row[1], $row[2], 0, 'AXO');
    }

    $axoObjects = array(
        array('modules', 'Event', 'events', 1, 'AXO'),
        array('modules', 'Person', 'person', 2, 'AXO'),
        array('modules', 'Documents', 'docu', 3, 'AXO'),
        array('modules', 'Home', 'home', 4, 'AXO'),
        array('modules', 'Help', 'help', 5, 'AXO'),
        array('modules', 'Admin', 'admin', 6, 'AXO'),
        array('modules', 'Analysis', 'analysis', 7, 'AXO'),
        array('entities', 'Event', 'event', 1, 'AXO'),
        array('entities', 'Person', 'person', 2, 'AXO'),
        array('entities', 'Document', 'document', 3, 'AXO'),
        array('entities', 'Information', 'information', 4, 'AXO'),
        array('entities', 'Involvement', 'involvement', 5, 'AXO'),
        array('entities', 'Intervention', 'intervention', 6, 'AXO'),
        array('entities', 'Act', 'act', 7, 'AXO'),
        array('entities', 'Chain Of Events', 'chain_of_events', 8, 'AXO'),
        array('entities', 'Biographic Details', 'biographic_details', 9, 'AXO'),
    );
    foreach ($axoObjects as $row) {
        $api->add_object($row[0], $row[1], $row[2], $row[3], 0, $row[4]);
    }

    // --- Group membership ---------------------------------------------------
    // Rows are: group id, section value, object value, object type.
    $memberships = array(
        array($primaryGroup, 'entities', 'event', 'AXO'),
        array($primaryGroup, 'entities', 'person', 'AXO'),
        array($primaryGroup, 'entities', 'document', 'AXO'),
        array($linkingGroup, 'entities', 'act', 'AXO'),
        array($linkingGroup, 'entities', 'information', 'AXO'),
        array($linkingGroup, 'entities', 'intervention', 'AXO'),
        array($linkingGroup, 'entities', 'involvement', 'AXO'),
        array($linkingGroup, 'entities', 'chain_of_events', 'AXO'),
        array($additionalGroup, 'entities', 'biographic_details', 'AXO'),
        array($adminGroup, 'users', 'admin', 'ARO'),
        array($dataEntryGroup, 'users', 'user1', 'ARO'),
        array($analystGroup, 'users', 'user2', 'ARO'),
        array($dataEntryGroup, 'users', 'user3', 'ARO'),
    );
    foreach ($memberships as $row) {
        $api->add_group_object($row[0], $row[1], $row[2], $row[3]);
    }

    // --- Permissions ----------------------------------------------------------
    $accessAco = array('access' => array('access'));
    $crudAco = array('crud' => array('create', 'read', 'update', 'delete'));

    // Module access: every requester gets home/help; the role groups get more.
    $api->add_acl($accessAco, null, array($rootAro), array('modules' => array('home', 'help')));
    $api->add_acl($accessAco, null, array($adminGroup), array('modules' => array('events', 'person', 'docu', 'analysis', 'admin')));
    $api->add_acl($accessAco, null, array($analystGroup), array('modules' => array('analysis')));
    $api->add_acl($accessAco, null, array($dataEntryGroup), array('modules' => array('person', 'events', 'docu')));

    // Full CRUD for the root ARO group on the listed entities and on the events AXO group.
    $api->add_acl($crudAco, null, array($rootAro), array('entities' => array('person', 'event', 'act', 'information', 'intervention', 'involvement', 'chain_of_events', 'biographic_details')));
    $api->add_acl($crudAco, null, array($rootAro), null, array($eventsGroup));
}
require_once $mosConfig_absolute_path . "/includes/joomla.php"; } $mainframe = new mosMainFrame($database, 'com_zoom', '..', true); $mainframe->initSession(); error_reporting(E_ALL); set_magic_quotes_runtime(0); if (file_exists($mosConfig_absolute_path . "/version.php")) { include_once $mosConfig_absolute_path . "/version.php"; } elseif (file_exists($mosConfig_absolute_path . "/includes/version.php")) { include_once $mosConfig_absolute_path . "/includes/version.php"; } include_once $mosConfig_absolute_path . "/includes/database.php"; require_once $mosConfig_absolute_path . '/includes/gacl.class.php'; require_once $mosConfig_absolute_path . '/includes/gacl_api.class.php'; $database = new database($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix); $acl = new gacl_api(); if (isset($_REQUEST['uid'])) { $uid = intval(trim($_REQUEST['uid'])); } else { if (isset($_REQUEST['dnd_uid'])) { $uid = intval(trim($_REQUEST['dnd_uid'])); } else { $uid = '0'; } } $my = $mainframe->getUser(); session_start(); $database->setQuery("SELECT id, gid, username, usertype FROM #__users WHERE id={$uid}"); $row = null; if ($database->loadObject($row)) { // fudge the group stuff
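/**
 * Builds the XML response that lists each distinct ACL return value once,
 * followed by any error messages.
 *
 * For every group title from acl_get_group_title_list() the matching ACLs
 * are searched and their 'return_value' collected. Return values, their
 * translated titles and error strings are escaped before they are placed in
 * the document, so a value containing &, < or > can no longer produce
 * malformed XML or inject extra elements.
 *
 * @param array|null $err Error messages to append, or null for none.
 * @return string The XML document.
 */
function return_values_xml($err)
{
    global $phpgacl_location;
    include_once "{$phpgacl_location}/gacl_api.class.php";

    $gacl = new gacl_api();
    $returns = array();
    $message = "<?xml version=\"1.0\"?>\n" . "<response>\n";

    foreach (acl_get_group_title_list() as $value) {
        $acl_id = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $value, FALSE, FALSE, FALSE, FALSE);
        foreach ($acl_id as $value2) {
            $acl = $gacl->get_acl($value2);
            $ret = $acl["return_value"];
            if (!in_array($ret, $returns)) {
                // Modified 6-2009 by BM - Translate return value
                $message .= "\t<return>\n";
                $message .= "\t\t<returnid>" . htmlspecialchars($ret, ENT_QUOTES) . "</returnid>\n";
                $message .= "\t\t<returntitle>" . htmlspecialchars(xl($ret), ENT_QUOTES) . "</returntitle>\n";
                $message .= "\t</return>\n";
                array_push($returns, $ret);
            }
        }
    }

    // Only iterate when a list of messages was actually passed.
    if (is_array($err)) {
        foreach ($err as $value) {
            $message .= "\t<error>" . htmlspecialchars($value, ENT_QUOTES) . "</error>\n";
        }
    }

    $message .= "</response>\n";

    return $message;
}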
// | | // | For the full copyright and license information, please view the COPYRIGHT | // | file that was distributed with this source code. If the COPYRIGHT file is | // | missing, please visit Openology homepage: http://www.openology.org/ | // +---------------------------------------------------------------------------+ // // $Id: include_once OOO_LIB . '/phpgacl/gacl.class.php'; include_once OOO_LIB . '/phpgacl/gacl_api.class.php'; if (isset($_POST['user'])) { $arr_newuser = $_POST['user']; } else { $arr_newuser = 0; } $id = $_POST['aro_group_id']; $gacl_api = new gacl_api($gacl_options); $arr_olduser = $gacl_api->get_group_objects($id, 'aro'); //aro object value if (count($arr_olduser) && is_array($arr_newuser)) { $arr_add = array_diff($arr_newuser, $arr_olduser['users']); $arr_del = array_diff($arr_olduser['users'], $arr_newuser); foreach ($arr_add as $value) { $gacl_api->add_group_object($id, 'users', $value, 'aro'); } foreach ($arr_del as $value) { $gacl_api->del_group_object($id, 'users', $value, 'aro'); } } elseif (count($arr_olduser) && !is_array($arr_newuser)) { $arr_del = $arr_olduser['users']; foreach ($arr_del as $value) { $gacl_api->del_group_object($id, 'users', $value, 'aro');
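/**
 * Deletes an ACL through gacl_api and rebuilds the derived permissions.
 *
 * The result of the underlying delete is now returned. It was previously
 * discarded, so a caller could not tell a failed removal from a successful one.
 *
 * @param int $id Id of the ACL to delete.
 * @return mixed Whatever gacl_api::del_acl() returned.
 */
function del_acl($id)
{
    $deleted = gacl_api::del_acl($id);

    // Regenerate in every case, as before, so the derived data follows the ACL tables.
    $this->regeneratePermissions();

    return $deleted;
}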
* The ACL tree for this example is: * Millennium Falcon Passengers Group * |-Crew Group * | |-Han ARO * | '-Chewie ARO * '-Passengers Group * |-Obi-wan ARO * |-Luke ARO * |-R2D2 ARO * '-C3PO ARO */ /* * Initialise the database - by clearing the database. */ // Let's get ready to RUMBLE!!! $gacl_api = new gacl_api($gacl_options); /* * Keep in mind, all of this can be done through the Administration Interface via your browser. */ /* * Create an Access Control Object (ACO) section. * Sections serve no other purpose than to categorize ACOs. * * add_object_section($name, $value=0, $order=0, $hidden=0, $object_type=NULL) */ $result = $gacl_api->add_object_section('Access', 'access', 10, 0, 'ACO'); //Must specifiy Object Type. if ($outputDebug == TRUE) { if ($result !== FALSE) { echo "Created ACO section sucessfully. <br>\n"; } else {
* | '-Chewie ARO [DENY: Engines] * '-Passengers Group [ALLOW: Lounge] * |- Jedi [ALLOW: Cockpit] | |-Obi-wan ARO * | '-Luke ARO [ALLOW: Guns] * |-R2D2 ARO [ALLOW: Engines] * '-C3PO ARO * */ // Get the phpGACL option settings require_once 'millenniumFalcon.inc'; /* * Initialise the database - by clearing and running the previous examples. */ // Let's get ready to RUMBLE!!! $gacl_api = new gacl_api($gacl_options); /* * Keep in mind, all of this can be done through the Administration Interface via your browser. */ /* * To keep things clear for this stage the process is as follows: * * 1) Add a Jedi ARO Section. * 2) Add the ARO Group for Jedi, with the parent group being Passengers * 3) Edit Obi-wan and Lukes Object to assign the Section to Jedi. * 4) Assign ACL to Jedi ARO Group. * 5) Test! */ /* * Add an ARO Section for Jedi - so we can assign Passengers to this section. */
<?php
// Setup script: empties the phpGACL tables and starts seeding the ARO groups
// and the ACO sections.
//
// NOTE(review): clear_database() runs as soon as the script is executed and
// nothing here restricts who may run it - confirm it cannot be reached
// through the web server.
global $conf, $global;

define('APPROOT', realpath(dirname(__FILE__) . '/../') . '/');

require_once APPROOT . 'conf/sysconf.php';
include APPROOT . '3rd/phpgacl/gacl.class.php';
include APPROOT . '3rd/phpgacl/gacl_api.class.php';
include APPROOT . 'inc/handler_db.inc';

// Earlier variant, kept for reference: connect with explicit credentials
// instead of reusing the open handle.
# $gacl= new gacl(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' ));
# $gacl_api = new gacl_api(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' ));

// Both objects reuse the application's database handle and the 'gacl_' prefix.
$gacl = new gacl(
    array(
        'db' => $global['db'],
        'db_table_prefix' => 'gacl_',
    )
);
$gacl_api = new gacl_api(
    array(
        'db' => $global['db'],
        'db_table_prefix' => 'gacl_',
    )
);

// Start from empty ACL tables.
$gacl_api->clear_database();

// ARO groups: root > users > (admin, analyst, data_entry), and root > ws.
// Some type strings carry a leading space; they are passed through as written.
$root_aro = $gacl_api->add_group('root', 'OpenEvSysUser', 0, 'ARO');
$user_group = $gacl_api->add_group('users', 'Users', $root_aro, 'ARO');
$g_user_admin = $gacl_api->add_group('admin', 'Admin', $user_group, ' ARO');
$g_user_analyst = $gacl_api->add_group('analyst', 'Analyst', $user_group, ' ARO');
$g_user_data_entry = $gacl_api->add_group('data_entry', 'Data Entry', $user_group, ' ARO');
$ws_group = $gacl_api->add_group('ws', 'WS', $root_aro, 'ARO');

// ARO section and its single object.
$gacl_api->add_object_section('Users', 'users', 1, 0, 'ARO');
$gacl_api->add_object('users', 'Admin', 'admin', 1, 0, 'ARO');

// ACO sections, then the 'access' object.
$gacl_api->add_object_section('CRUD', 'crud', 1, 0, 'ACO');
$gacl_api->add_object_section('Access', 'access', 1, 0, 'ACO');
$gacl_api->add_object('access', 'Access', 'access', 1, 0, 'ACO');
$outputDebug = true; $gacl_api = new gacl_api($gacl_options); $gacl_api->clear_database(); include 'definingAccessControl.php'; break; case 'example2': $outputDebug = false; $gacl_api = new gacl_api($gacl_options); $gacl_api->clear_database(); include 'definingAccessControl.php'; $outputDebug = true; include 'fineGrainAccessControl.php'; break; case 'example3': $outputDebug = false; $gacl_api = new gacl_api($gacl_options); $gacl_api->clear_database(); include 'definingAccessControl.php'; include 'fineGrainAccessControl.php'; $outputDebug = true; include 'Multi-levelGroups.php'; break; default: include 'welcome.php'; break; } ?> </div> </div> </div> <?php
// +---------------------------------------------------------------------------+
// | This file is part of the Openology FrameWork                              |
// | Copyright (c) 2004-2005 Openology.org Team                                |
// |                                                                           |
// | For the full copyright and license information, please view the COPYRIGHT |
// | file that was distributed with this source code. If the COPYRIGHT file is |
// | missing, please visit Openology homepage: http://www.openology.org/       |
// +---------------------------------------------------------------------------+
//
// $Id:
include_once OOO_APP_MODULES . '/page.php';
include_once OOO_APP_CLASSES . '/usergroup.php';
include_once OOO_CORE . '/form/Form.php';
include_once OOO_CORE . '/form/FormController.php';

// Fetch the ACO objects and index the 'system' section's values by themselves.
$gacl_api = new gacl_api($gacl_options);
$arr_data = $gacl_api->get_objects('', 1, 'aco');
$arr_aco = array();
$arr_tmp = $arr_data['system'];

$i = 0;
while ($i < count($arr_tmp)) {
    $arr_aco[$arr_tmp[$i]] = $arr_tmp[$i];
    $i++;
}
//print_r($arr_aco);

// Group form: a name, a description, and a set of permission checkboxes.
// It posts to index.php.
$form = new Form('form1', 'index.php', 'post');

$text1 =& $form->addElement('text');
$text1->setAttribute('id', 'name');

$text2 =& $form->addElement('textarea');
$text2->setAttribute('id', 'description');

// The [] suffix makes the checked permissions arrive as an array.
$text3 =& $form->addElement('checkbox');
$text3->setAttribute('id', 'permission');
$text3->setAttribute('name', 'permission[]');
/**
 * Deletes the user named by the first request argument, removes the matching
 * ARO object from phpGACL, and renders the "user/removed" view.
 *
 * NOTE(review): the user name comes from the request and is concatenated
 * into the query text with only trim() applied, so a quote character in the
 * name changes the query. Use whatever parameter binding this query API
 * offers - it is not visible from here.
 * NOTE(review): the first result is used without checking that the query
 * matched anything, and no permission check is visible in this method.
 */
function remove()
{
    $login = trim($this->request->args[0]);
    $store = $this->application->db;

    // Remove the application's user record first ...
    $matches = $store->query("From UserModel as user where user.name='" . $login . "'");
    $store->delete($matches[0]);

    // ... then the corresponding access-control object.
    require_once "lib/phpgacl/gacl_api.class.php";
    $acl = new gacl_api(array());
    $aroId = $acl->get_object_id("user", $login, "ARO");
    $acl->del_object($aroId, "ARO");

    $this->render("user/removed", array("user" => $login), "SMARTY");
}
/**
 * Checks an ACO/ARO (and optionally AXO) combination.
 *
 * When $this->_checkMode is exactly 1 the call is forwarded unchanged to the
 * parent implementation. Otherwise the in-memory list $this->acl is scanned
 * in order and the first row whose ACO and ARO values match, compared
 * case-insensitively, decides the result.
 *
 * NOTE(review): the AXO columns are compared only when the caller passed an
 * AXO section AND the row has one. A row scoped to an AXO therefore also
 * matches a call made without an AXO, and a row without an AXO matches any
 * AXO the caller names. Confirm this is intended.
 * NOTE(review): the first matching row always yields a truthy result; no
 * deny handling is visible in this branch.
 *
 * @param string  $aco_section_value The ACO section value
 * @param string  $aco_value         The ACO value
 * @param string  $aro_section_value The ARO section value
 * @param string  $aro_value         The ARO value
 * @param string  $axo_section_value The AXO section value (optional)
 * @param string  $axo_value         The AXO value (optional)
 * @param integer $root_aro_group    Only passed on to the parent implementation (optional)
 * @param integer $root_axo_group    Only passed on to the parent implementation (optional)
 * @return mixed 0 when nothing matches; otherwise the row's element 6 when
 *               it is truthy, else 1. In check mode 1, the parent's result.
 */
function acl_check($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value = NULL, $axo_value = NULL, $root_aro_group = NULL, $root_axo_group = NULL)
{
    if ($this->_checkMode === 1) {
        return parent::acl_check($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value, $root_aro_group, $root_axo_group);
    }

    $this->debug_text("\n<br /> ACO={$aco_section_value}:{$aco_value}, ARO={$aro_section_value}:{$aro_value}, AXO={$axo_section_value}|{$axo_value}");

    $verdict = 0;

    for ($idx = 0; $idx < $this->acl_count; $idx++) {
        $rule =& $this->acl[$idx];

        // Columns 0-3 hold the ACO section, ACO, ARO section and ARO of the row.
        if (strcasecmp($aco_section_value, $rule[0]) != 0) {
            continue;
        }
        if (strcasecmp($aco_value, $rule[1]) != 0) {
            continue;
        }
        if (strcasecmp($aro_section_value, $rule[2]) != 0) {
            continue;
        }
        if (strcasecmp($aro_value, $rule[3]) != 0) {
            continue;
        }

        // Columns 4-5 hold the AXO section and AXO; they are compared only
        // when both the caller and the row specify an AXO section.
        if ($axo_section_value && $rule[4]) {
            if (strcasecmp($axo_section_value, $rule[4]) != 0) {
                continue;
            }
            if (strcasecmp($axo_value, $rule[5]) != 0) {
                continue;
            }
        }

        // Column 6 is the optional extended return value.
        $verdict = @$rule[6] ? $rule[6] : 1;
        break;
    }

    return $verdict;
}
* The ACL tree at the end of this example will be: * Millennium Falcon Passengers Group * |-Crew Group [ALLOW: ALL] * | |-Han ARO * | '-Chewie ARO [DENY: Engines] * '-Passengers Group [ALLOW: Lounge] * |-Obi-wan ARO * |-Luke ARO [ALLOW: Guns] * |-R2D2 ARO [ALLOW: Engines] * '-C3PO ARO */ /* * Initialise the database - by clearing and running the previous examples. */ // Let's get ready to RUMBLE!!! $gacl_api = new gacl_api($gacl_options); /* * Keep in mind, all of this can be done through the Administration Interface via your browser. */ /* * Deny Chewie Access to the Engines! */ //Associative array, with Object Section Value => array( Object Value ) pairs. $aco_array = array('access' => array('engines')); $aro_array = array('crew' => array('chewie')); $allow = FALSE; $enabled = TRUE; $return_value = NULL; $note = "Denying Chewie access to the engines!"; //The NULL values are for the more advanced options such as groups, and AXOs. Refer to the manual for more info. $result = $gacl_api->add_acl($aco_array, $aro_array, NULL, NULL, NULL, $allow, $enabled, $return_value, $note);
// Accounting
//
// Upgrade Howto
// When upgrading to a new version of OpenEMR, run the acl_upgrade.php
// script to update the phpGACL access controls. This is required to
// ensure the database includes all the required Access Control
// Objects(ACO).
//
// On 06/2009, added pertinent comments below each entry to allow capture
// of these terms by the translation engine.
//
// NOTE(review): nothing in this part of the script restricts who may run
// it. The first call below makes a second run stop early, but confirm the
// script is removed or blocked once installation is finished.

require_once dirname(__FILE__) . '/library/acl.inc';

// acl.inc has to provide the phpGACL location before anything else can run.
if (!$phpgacl_location) {
    exit("You must first set up library/acl.inc to use phpGACL!");
}

require_once "{$phpgacl_location}/gacl_api.class.php";

$gacl = new gacl_api();

// Create the ACO sections. Every ACO must have a section.
// A strict FALSE from the first call is treated as "already set up" and ends the script.
if (FALSE === $gacl->add_object_section('Accounting', 'acct', 10, 0, 'ACO')) {
    echo "Unable to create the access controls for OpenEMR. You have likely already run this script (acl_setup.php) successfully.<br>Other possible problems include php-GACL configuration file errors (gacl.ini.php or gacl.class.php).<br>";
    return;
}
    // xl('Accounting')
$gacl->add_object_section('Administration', 'admin', 10, 0, 'ACO');
    // xl('Administration')
$gacl->add_object_section('Encounters', 'encounters', 10, 0, 'ACO');
    // xl('Encounters')
$gacl->add_object_section('Lists', 'lists', 10, 0, 'ACO');
    // xl('Lists')
$gacl->add_object_section('Patients', 'patients', 10, 0, 'ACO');
    // xl('Patients')
if (file_exists(APPROOT . '3rd/Zend/ ' . $class_name . '.php')) { require_once APPROOT . '3rd/Zend/ ' . $class_name . '.php'; } if (file_exists(APPROOT . 'data/' . $class_name . '.php')) { require_once APPROOT . 'data/' . $class_name . '.php'; } } } spl_autoload_register(array('AutoLoadClass', '__autoload')); //include(APPROOT.'3rd/phpgacl/gacl.class.php'); include APPROOT . '3rd/phpgacl/gacl_api.class.php'; include APPROOT . 'inc/handler_db.inc'; # $gacl= new gacl(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' )); # $gacl_api = new gacl_api(array('db_host'=> $conf['db_host'] , 'db_name'=> $conf['db_name'] , 'db_user'=> $conf['db_user'], 'db_password'=> $conf['db_pass'] , 'db_table_prefix'=>'gacl_' , 'db_type'=> 'mysql' )); $gacl = new gacl(array('db' => $global['db'], 'db_table_prefix' => 'gacl_')); $gacl_api = new gacl_api(array('db' => $global['db'], 'db_table_prefix' => 'gacl_')); $root_aro = $gacl_api->get_group_id('root', 'OpenEvSysUser', 'ARO'); //var_dump('root_aro' , $root_aro); exit(0); $root_axo = $gacl_api->get_group_id('root', 'root', 'AXO'); //var_dump($root_axo); $g_person = $gacl_api->add_group('person', 'Person', $root_axo, 'AXO'); $gacl_api->add_object_section('Person', 'person', 3, 0, 'AXO'); $gacl_api->add_acl(array('access' => array('access')), null, array($root_aro), null, array($g_person)); $persons = Browse::getPersonConf(); //var_dump($persons); exit(0); foreach ($persons as $person) { acl_add_person($person['person_record_number']); //if event is marked as confidential limit it to this user and admin. if ($person['confidentiality'] == 'y') { acl_set_person_permissions($person['person_record_number']); }
// | file that was distributed with this source code. If the COPYRIGHT file is |
// | missing, please visit Openology homepage: http://www.openology.org/       |
// +---------------------------------------------------------------------------+
//
// $Id:
include_once OOO_APP_MODULES . '/page.php';
include_once OOO_APP_CLASSES . '/usergroup.php';
include_once OOO_APP_CLASSES . '/user.php';
include_once OOO_CORE . '/form/Form.php';
include_once OOO_CORE . '/form/FormController.php';
include_once OOO_CORE . '/gui/SmartyUtil.php';
include_once OOO_LIB . '/phpgacl/gacl.class.php';
include_once OOO_LIB . '/phpgacl/gacl_api.class.php';

// Group identifier taken from the query string.
// NOTE(review): the value is used as received; how get_group_id() quotes it
// is not visible here, and no check that the requester may view this group
// is visible either - confirm both.
$group_id = $_GET['id'];

$gacl_api = new gacl_api($gacl_options);

// Resolve the ARO group id, then list the ARO object values in that group.
$id = $gacl_api->get_group_id($group_id, $group_id, 'ARO');
$arr_user = $gacl_api->get_group_objects($id, 'aro');

$group = new usergroup($DB);

// With members: split users into those inside and outside the group.
// With an empty member list: load users through selectAlluser() instead.
// When $arr_user is not an array, neither list is set.
if (is_array($arr_user) && count($arr_user)) {
    $arr_in = $group->selectInUser($arr_user['users'], 1);
    $arr_out = $group->selectInUser($arr_user['users'], 0);
} elseif (is_array($arr_user)) {
    $user = new user($DB);
    $arr_out = $user->selectAlluser(1000, 1);
}

$smartyutil = new SmartyUtil();
// | This file is part of the Openology FrameWork | // | Copyright (c) 2004-2005 Openology.org Team | // | | // | For the full copyright and license information, please view the COPYRIGHT | // | file that was distributed with this source code. If the COPYRIGHT file is | // | missing, please visit Openology homepage: http://www.openology.org/ | // +---------------------------------------------------------------------------+ // // $Id: include_once OOO_APP_MODULES . '/page.php'; include_once OOO_APP_CLASSES . '/usergroup.php'; include_once OOO_CORE . '/form/Form.php'; include_once OOO_CORE . '/form/FormController.php'; include_once OOO_LIB . '/phpgacl/gacl.class.php'; include_once OOO_LIB . '/phpgacl/gacl_api.class.php'; $gacl_api = new gacl_api($gacl_options); $usergroup = new usergroup($DB); if ($op == 'deletegroup') { $arr_id = $_POST['delete']; for ($i = 0; $i < count($arr_id); $i++) { $usergroup->id = $arr_id[$i]; $usergroup->deleteusergroup(); $id = $gacl_api->get_group_id($group->id, $group->id, 'ARO'); $gacl_api->del_group($id, true, 'ARO'); } } else { $usergroup->name = $_POST['name']; $usergroup->description = $_POST['description']; $aco_array = array(); $aco_array['system'] = array(); $aco_array['system'] = $_POST['permission'];
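/**
 * Build an indented option list for the ARO groups below a root group.
 *
 * Rows are fetched with gacl_api::_getBelow() from #__core_acl_aro_groups and
 * each one becomes a mosHTML option whose label is the group name prefixed
 * with indentation derived from the row's `level` column.
 *
 * @param mixed $root_id   forwarded unchanged to gacl_api::_getBelow()
 * @param mixed $root_name forwarded unchanged to gacl_api::_getBelow()
 * @param bool  $inclusive forwarded unchanged to gacl_api::_getBelow()
 * @return array options keyed by row position, sorted by key; empty when no
 *               rows are returned
 */
function get_group_children_tree($root_id = null, $root_name = null, $inclusive = true)
{
    $tree = gacl_api::_getBelow(
        '#__core_acl_aro_groups',
        'g1.group_id, g1.name, COUNT(g2.name) AS level',
        'g1.name',
        $root_id,
        $root_name,
        $inclusive
    );

    // The original read $tree[0] unconditionally; with no rows that touched an
    // undefined offset before ending up with an empty list anyway.
    if (!is_array($tree) || count($tree) == 0) {
        return array();
    }

    // first pass get level limits
    $n = count($tree);
    $min = $tree[0]->level;
    $max = $tree[0]->level;
    for ($i = 1; $i < $n; $i++) {
        $min = min($min, $tree[$i]->level);
        $max = max($max, $tree[$i]->level);
    }

    $indents = array();
    foreach (range($min, $max) as $i) {
        $indents[$i] = ' ';
    }
    // correction for first indent
    $indents[$min] = '';

    // Walk the rows bottom-up so that each row already knows whether a deeper
    // level continues underneath it.
    $list = array();
    for ($i = $n - 1; $i >= 0; $i--) {
        $level = $tree[$i]->level;
        $below = $level + 1;

        $shim = '';
        foreach (range($min, $level) as $j) {
            $shim .= $indents[$j];
        }

        // isset() replaces the original @-suppressed read of a level that may
        // not have an indent entry yet.
        if (isset($indents[$below]) && $indents[$below] == '. ') {
            $twist = ' ';
        } else {
            $twist = "- ";
        }

        // NOTE(review): the group name goes into the option label unescaped
        // here; confirm that whatever renders these options HTML-escapes it.
        $list[$i] = mosHTML::makeOption($tree[$i]->group_id, $shim . $twist . $tree[$i]->name);

        // Row 0 has no predecessor; the original relied on @ to hide that.
        if ($i > 0 && $level < $tree[$i - 1]->level) {
            $indents[$below] = '. ';
        }
    }

    ksort($list);

    return $list;
}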
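/**
 * Show, and on request update, the CRUD deny list of one role for every
 * entity group.
 *
 * Reads the role from $_REQUEST['role'] / $_POST['role'], loads the CRUD
 * options and the child groups of the 'entities' AXO group from phpGACL, and
 * fills $this->select with one boolean per "<entity>_<option>" (false when the
 * option appears in a deny ACL). When $_POST['change_permissions'] is set and
 * the role is not 'admin', a new deny ACL is written per entity group from
 * the unchecked options and the previously found ACLs are removed.
 *
 * Sets $this->roles, $this->role, $this->crud, $this->entity_groups and
 * $this->select.
 *
 * NOTE(review): nothing in this method checks that the current user may
 * administer permissions, and the POST branch has no anti-CSRF token check.
 * Presumably the dispatcher enforces both -- confirm.
 *
 * @return void
 */
public function act_permissions()
{
    global $global;

    include_once APPROOT . '3rd/phpgacl/gacl_api.class.php';
    $gacl = new gacl_api(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));

    //select role
    $this->roles = acl_get_roles();
    // Only string values are accepted from the request; an array-valued
    // `role` parameter is ignored instead of reaching array_key_exists().
    if (isset($_REQUEST['role']) && is_string($_REQUEST['role'])) {
        $this->role = $_REQUEST['role'];
    }
    //change role if requested
    if (isset($_POST['change_role'])) {
        $this->role = (isset($_POST['role']) && is_string($_POST['role'])) ? $_POST['role'] : null;
    }
    // The role name is request-controlled: anything that is not a known role
    // key falls back to the first role.
    if (!is_scalar($this->role) || !array_key_exists($this->role, $this->roles)) {
        $this->role = key($this->roles);
    }

    $role_id = $gacl->get_group_id($this->role, NULL, 'ARO');
    $role_data = $gacl->get_group_data($role_id, 'ARO');
    $role_name = $role_data[3];

    //list accessible modules
    $options = $gacl->get_objects('crud', 0, 'ACO');
    $this->crud = $options['crud'];

    $group_id = $gacl->get_group_id('entities', 'Entities', 'AXO');
    $entity_groups = $gacl->get_group_children($group_id, 'AXO', 'NO_RECURSE');
    $this->entity_groups = array();
    if (is_array($entity_groups)) {
        foreach ($entity_groups as $id) {
            $group = $gacl->get_group_data($id, 'AXO');
            // NOTE(review): the value stored here is passed through _t() and is
            // later used as the group name for search_acl()/get_group_id();
            // confirm those lookups still match when _t() changes the text.
            $this->entity_groups[$group[2]] = _t($group[3]);
        }
    }

    //get the deny list
    $acl_list = array();
    $this->select = array();
    foreach ($this->entity_groups as $key => $group) {
        $acl_id = $gacl->search_acl('crud', FALSE, FALSE, FALSE, $role_name, FALSE, FALSE, $group, FALSE);

        // Start from "nothing denied" for every entity group. The original
        // kept $crud from the previous iteration whenever the ACL found here
        // was not a deny rule, so one group's denies could be shown for the
        // next group.
        $crud = array();
        if (is_array($acl_id) && count($acl_id) > 0) {
            $acl_list = array_merge($acl_list, $acl_id);
            // Only the first matching ACL is consulted, as before.
            $acl = $gacl->get_acl($acl_id[0]);
            if (is_array($acl) && $acl['allow'] == 0
                && isset($acl['aco']['crud']) && is_array($acl['aco']['crud'])
            ) {
                $crud = $acl['aco']['crud'];
            }
        }

        foreach ($this->crud as $opt) {
            $this->select[$key . "_" . $opt] = !in_array($opt, $crud);
        }
    }

    //list accessible entities
    // !empty() keeps the original truthiness test without reading an
    // undefined index on plain GET requests.
    if (!empty($_POST['change_permissions'])) {
        if ((string) $this->role === 'admin') {
            shnMessageQueue::addInformation(_t('YOU_CANNOT_CHANGE_THE_ADMINISTRATOR_PERMISSIONS_'));
        } else {
            $this->select = array();
            $saved = true;
            foreach ($this->entity_groups as $key => $group) {
                // An option is denied when its checkbox was NOT submitted.
                $crud = array();
                foreach ($this->crud as $opt) {
                    $denied = !isset($_POST[$key . '_' . $opt]);
                    if ($denied) {
                        $crud[] = $opt;
                    }
                    $this->select[$key . "_" . $opt] = !$denied;
                }

                $axo_id = $gacl->get_group_id($key, $group, 'AXO');
                if (count($crud) > 0) {
                    // allow = 0, enabled = 1: the stored rule is a deny rule.
                    $new_acl = $gacl->add_acl(array('crud' => $crud), NULL, array($role_id), NULL, array($axo_id), 0, 1);
                    if ($new_acl === false) {
                        $saved = false;
                    }
                }
            }

            //delete previous acls
            // The stored rules are denies, so dropping the old ones after a
            // failed insert would silently widen access. Keep them unless
            // every new rule was written. (Assumes add_acl() returns FALSE on
            // failure -- confirm against the bundled phpGACL.)
            if ($saved) {
                foreach ($acl_list as $acl_id) {
                    $gacl->del_acl($acl_id);
                }
            }
        }
    }
}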