protected function savePermissions($type) { foreach (Request::$post['permissions'] as $group => $perms) { $permissions = []; if ($group == 'defaults') { foreach (PermissionsAPI::getPermissions() as $name => $default) { if (isset($perms[$name])) { $permissions[$name] = true; } else { $permissions[$name] = false; } } $this->db->update(PREFIX . 'permissions', ['permissions' => json_encode($permissions)], ['type' => $type, 'type_id' => 0, 'project_id' => 0]); } else { // Ignore 'null' values foreach ($perms as $name => $value) { if ($value == '1' || $value == '0') { $permissions[$name] = (bool) $value; } } // If there are no permissions, delete the row if (!count($permissions)) { $this->db->delete(PREFIX . 'permissions', ['type' => $type, 'type_id' => $group, 'project_id' => 0]); } else { // Check if the row exists already $query = queryBuilder()->select('id')->from(PREFIX . 'permissions')->where('type = ?')->andWhere('type_id = ?')->andWhere('project_id = ?')->setParameter(0, $type)->setParameter(1, $group)->setParameter(2, 0)->execute(); // Update the row if ($query->rowCount()) { $this->db->update(PREFIX . 'permissions', ['permissions' => json_encode($permissions)], ['type' => $type, 'type_id' => $group, 'project_id' => 0]); } else { // Insert a new row $this->db->insert(PREFIX . 'permissions', ['type' => $type, 'type_id' => $group, 'project_id' => 0, 'permissions' => json_encode($permissions)]); } } } } }
<?php use Traq\Permissions; $testSuite->createGroup('Permissions API', function ($g) { $g->test('Get defaults', function ($t) { $t->assertArray(Permissions::getDefaults()); $t->assertArray(Permissions::getDefaults(true)); }); $g->test('Get permissions', function ($t) { $t->assertArray(Permissions::getPermissions()); $t->assertArray(Permissions::getPermissions(true)); }); $g->test('Add permission', function ($t) { Permissions::add('test_add_permission', true, 'test'); $permissions = Permissions::getPermissions(); $permissionsWithCategories = Permissions::getPermissions(true); $t->assertTrue(isset($permissions['test_add_permission'])); $t->assertTrue(isset($permissionsWithCategories['test']['test_add_permission'])); }); $g->test('Permission exists', function ($t) { try { Permissions::add('test_add_permission', true, 'test'); Permissions::add('test_add_permission', true, 'test'); } catch (\Exception $e) { $caught = true; } $t->assertTrue(isset($caught)); }); });
/** * Check if the user can perform the requested action. * * @param integer $project_id * @param string $action * @param boolean $fetchProjectRoles * * @return bool */ public function hasPermission($action, $projectId, $fetchProjectRoles = false) { // Admins are godlike if ($this->is_admin) { return true; } if (!isset($this->permissions[$projectId])) { $this->permissions[$projectId] = null; } // No need to fetch permissions if we already have if ($this->permissions[$projectId] === null) { // Get group permissions $group = Permission::getPermissions($projectId, $this->group_id); // Get role permissions $role = []; if (!$fetchProjectRoles && isset($this->project_role_id) && $this->project_role_id) { $role = Permission::getPermissions($projectId, $this->project_role_id, 'role'); } else { $roles = $this->fetchProjectRolesIds(); if (isset($roles[$projectId])) { $role = Permission::getPermissions($projectId, $roles[$projectId], 'role'); } } // Merge group and role permissions $this->permissions[$projectId] = array_merge(Permissions::getPermissions(), array_merge($group, $role)); } return isset($this->permissions[$projectId][$action]) ? $this->permissions[$projectId][$action] : null; }