public static function remove($owner, $object, $perm) { if (!is_object($perm)) { $found = Pluf_Permission::getFromString($perm); if (false === $found) { throw new Exception(sprintf('The permission %s does not exist.', $perm)); } $perm = $found; } $growp = new Pluf_RowPermission(); $sql = new Pluf_SQL('owner_id=%s AND owner_class=%s AND model_id=%s AND model_class=%s AND permission=%s', array($owner->id, $owner->_a['model'], $object->id, $object->_a['model'], $perm->id)); $perms = $growp->getList(array('filter' => $sql->gen())); foreach ($perms as $p) { $p->delete(); } return true; }
/** * Get all the permissions of a user. * * @param bool Force the reload of the list of permissions (false) * @return array List of permissions */ function getAllPermissions($force = false) { if ($force == false and !is_null($this->_cache_perms)) { return $this->_cache_perms; } $this->_cache_perms = array(); $perms = (array) $this->get_permissions_list(); $groups = $this->get_groups_list(); $ids = array(); foreach ($groups as $group) { $ids[] = $group->id; } if (count($ids) > 0) { $gperm = new Pluf_Permission(); $f_name = strtolower(Pluf::f('pluf_custom_group', 'Pluf_Group')) . '_id'; $perms = array_merge($perms, (array) $gperm->getList(array('filter' => $f_name . ' IN (' . join(', ', $ids) . ')', 'view' => 'join_group'))); } foreach ($perms as $perm) { if (!in_array($perm->application . '.' . $perm->code_name, $this->_cache_perms)) { $this->_cache_perms[] = $perm->application . '.' . $perm->code_name; } } if (Pluf::f('pluf_use_rowpermission', false) and $this->id) { $growp = new Pluf_RowPermission(); $sql = new Pluf_SQL('owner_id=%s AND owner_class=%s', array($this->id, 'Pluf_User')); if (count($ids) > 0) { $sql2 = new Pluf_SQL('owner_id IN (' . join(', ', $ids) . ') AND owner_class=%s', array(Pluf::f('pluf_custom_group', 'Pluf_Group'))); $sql->SOr($sql2); } $perms = $growp->getList(array('filter' => $sql->gen(), 'view' => 'join_permission')); foreach ($perms as $perm) { $perm_string = $perm->application . '.' . $perm->code_name . '#' . $perm->model_class . '(' . $perm->model_id . ')'; if ($perm->negative) { $perm_string = '!' . $perm_string; } if (!in_array($perm_string, $this->_cache_perms)) { $this->_cache_perms[] = $perm_string; } } } return $this->_cache_perms; }
/** * Return membership data. * * The array has 3 keys: 'members', 'owners' and 'authorized'. * * The list of users is only taken using the row level permission * table. That is, if you set a user as administrator, he will * have the member and owner rights but will not appear in the * lists. * * @param string Format ('objects'), 'string'. * @return mixed Array of Pluf_User or newline separated list of logins. */ public function getMembershipData($fmt = 'objects') { $mperm = Pluf_Permission::getFromString('IDF.project-member'); $operm = Pluf_Permission::getFromString('IDF.project-owner'); $aperm = Pluf_Permission::getFromString('IDF.project-authorized-user'); $grow = new Pluf_RowPermission(); $db =& Pluf::db(); $false = Pluf_DB_BooleanToDb(false, $db); $sql = new Pluf_SQL('model_class=%s AND model_id=%s AND owner_class=%s AND permission=%s AND negative=' . $false, array('IDF_Project', $this->id, 'Pluf_User', $operm->id)); $owners = new Pluf_Template_ContextVars(array()); foreach ($grow->getList(array('filter' => $sql->gen())) as $row) { if ($fmt == 'objects') { $owners[] = Pluf::factory('Pluf_User', $row->owner_id); } else { $owners[] = Pluf::factory('Pluf_User', $row->owner_id)->login; } } $sql = new Pluf_SQL('model_class=%s AND model_id=%s AND owner_class=%s AND permission=%s AND negative=' . $false, array('IDF_Project', $this->id, 'Pluf_User', $mperm->id)); $members = new Pluf_Template_ContextVars(array()); foreach ($grow->getList(array('filter' => $sql->gen())) as $row) { if ($fmt == 'objects') { $members[] = Pluf::factory('Pluf_User', $row->owner_id); } else { $members[] = Pluf::factory('Pluf_User', $row->owner_id)->login; } } $authorized = new Pluf_Template_ContextVars(array()); if ($aperm != false) { $sql = new Pluf_SQL('model_class=%s AND model_id=%s AND owner_class=%s AND permission=%s AND negative=' . $false, array('IDF_Project', $this->id, 'Pluf_User', $aperm->id)); foreach ($grow->getList(array('filter' => $sql->gen())) as $row) { if ($fmt == 'objects') { $authorized[] = Pluf::factory('Pluf_User', $row->owner_id); } else { $authorized[] = Pluf::factory('Pluf_User', $row->owner_id)->login; } } } if ($fmt == 'objects') { return new Pluf_Template_ContextVars(array('members' => $members, 'owners' => $owners, 'authorized' => $authorized)); } else { return array('members' => implode("\n", (array) $members), 'owners' => implode("\n", (array) $owners), 'authorized' => implode("\n", (array) $authorized)); } }