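/**
 * Rebuild stored permissions from the submitted payload.
 *
 * First deletes every Permission row whose role is neither 'nobody' nor
 * 'superadmin' (restricted to one subject when $component is given), then
 * writes one row per role found under each "subject::action" payload key.
 *
 * NOTE(review): the delete and the re-inserts are separate statements. If a
 * replace() fails part-way, the table is left partially populated; wrap both
 * in a transaction if the DB layer offers one.
 *
 * NOTE(review): the delete is scoped to $component and spares the 'nobody' /
 * 'superadmin' roles, but the insert loop takes subject, action and role
 * straight from the payload without the same restrictions. Confirm that the
 * caller authorises this request and that writing rows for other subjects
 * or for the protected roles is intended.
 *
 * @param string|false $component Optional component whose permissions are
 *                                cleared; false clears all subjects.
 *
 * @return int|false Number of rows written, or false when the delete failed.
 */
public function post_permissions($component = false)
{
    $parameters = array();
    $query = new DeleteQuery('Permission');
    $query->filter("`role` != 'nobody'")->filter("`role` != 'superadmin'");
    if ($component) {
        $query->filter('`subject` = :component');
        $parameters[':component'] = class_for_url($component);
    }

    $result = $query->execute($parameters);
    if ($result === false) {
        Backend::addError('Could not empty permissions table');
        return false;
    }

    $count = 0;
    $payload = Controller::getPayload();
    // The payload is request data: a missing or scalar payload must not be
    // handed to foreach, which would only emit a warning.
    if (!is_array($payload) && !is_object($payload)) {
        return $count;
    }

    $permission = new PermissionObj();
    foreach ($payload as $key => $roles) {
        // Only "subject::action" keys describe a permission.
        if (strpos($key, '::') === false) {
            continue;
        }
        // A scalar value (e.g. "subject::action=1") carries no role list.
        if (!is_array($roles) && !is_object($roles)) {
            continue;
        }
        list($subject, $action) = explode('::', $key, 2);
        // The submitted value is not inspected: the presence of a role key is
        // what grants the permission.
        foreach ($roles as $role => $value) {
            $data = array('subject' => $subject, 'action' => $action, 'role' => $role);
            if ($permission->replace($data)) {
                $count++;
            }
        }
    }

    return $count;
}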
/**
 * Delete the Assignment rows matching an access type / access id pair.
 *
 * Both values are passed as bound parameters, never interpolated into SQL.
 *
 * @param mixed $access_type Value bound to :access_type.
 * @param mixed $access_id   Value bound to :access_id.
 *
 * @return bool False only when the query's execute() returned false.
 */
public static function dropAccess($access_type, $access_id)
{
    $query = new DeleteQuery('Assignment');
    $query->filter('`access_type` = :access_type')->filter('`access_id` = :access_id');

    $bindings = array(
        ':access_type' => $access_type,
        ':access_id' => $access_id,
    );

    // execute() signals failure with false; any other result counts as success.
    return $query->execute($bindings) !== false;
}
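/**
 * Delete BackendUser rows that are unconfirmed and more than a week old.
 *
 * Reports the number of deleted rows and, when at least one row was removed,
 * e-mails a summary to the configured author / application address.
 *
 * @return bool True when the purge ran, false when the delete query failed.
 */
public static function purgeUnconfirmed()
{
    $query = new DeleteQuery('BackendUser');
    $query->filter('`confirmed` = 0')->filter('`added` < DATE_SUB(DATE(NOW()), INTERVAL 1 WEEK)');

    $deleted = $query->execute();
    // execute() returns false on failure; do not report that as a successful
    // purge of "" users.
    if ($deleted === false) {
        Backend::addError('Could not purge unconfirmed users');
        return false;
    }

    Backend::addSuccess($deleted . ' unconfirmed users deleted');
    if ($deleted) {
        // Falls back from author.Email to application.Email to info@<site>.
        $recipient = ConfigValue::get(
            'author.Email',
            ConfigValue::get('application.Email', 'info@' . SITE_DOMAIN)
        );
        send_email(
            $recipient,
            'Unconfirmed Users purged: ' . $deleted,
            $deleted . ' users were deleted from the database. They were unconfirmed, and more than a week old Site Admin '
        );
    }

    return true;
}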
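/**
 * Reset the non-system permissions of the called class and register one
 * 'nobody' permission per action-style method.
 *
 * Action-style methods are those whose name starts with action_, get_,
 * post_, put_ or delete_; the prefix is stripped to obtain the action name.
 *
 * @param array $options Not read by this method.
 *
 * @return bool True when no 'default' database is available (nothing to do)
 *              or every Permission::add() succeeded; false when the called
 *              class cannot be resolved or any add failed.
 */
public static function install(array $options = array())
{
    if (!Backend::getDB('default')) {
        return true;
    }

    $class = get_called_class();
    if (!$class || !class_exists($class, true)) {
        return false;
    }

    // Purge permissions first; rows flagged as system are kept.
    $query = new DeleteQuery('Permission');
    $query->filter('`subject` = :subject')->filter('`system` = 0');
    $query->execute(array(':subject' => class_for_url($class)));

    // Closures replace create_function(), which compiles its body from a
    // string at runtime and no longer exists in PHP 8.
    $prefixes = array('action', 'get', 'post', 'put', 'delete');
    $methods = array_filter(
        get_class_methods($class),
        function ($var) use ($prefixes) {
            $temp = explode('_', $var, 2);
            return count($temp) == 2 && in_array(strtolower($temp[0]), $prefixes, true);
        }
    );
    // NOTE(review): the filter above lower-cases the prefix but this pattern
    // is case-sensitive, so a method such as GET_foo keeps its prefix.
    $methods = array_map(
        function ($var) {
            return preg_replace('/^(action|get|post|put|delete)_/', '', $var);
        },
        $methods
    );

    $result = true;
    foreach ($methods as $action) {
        // Keep adding after a failure so every action is attempted.
        $result = Permission::add('nobody', $action, class_for_url($class)) && $result;
    }

    return $result;
}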
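/**
 * Build the DeleteQuery that removes this object's row.
 *
 * The original tested $id before extract($this->meta) had defined it, so the
 * method always returned false. The needed values are now read from
 * $this->meta explicitly, which also avoids extract() overwriting locals.
 *
 * The returned query contains the named placeholder ":<table>_id"; the
 * caller has to bind it when executing.
 *
 * NOTE(review): the ownership filter below is still a TODO, so this query
 * does not restrict the delete to rows owned by the current user. Callers
 * must enforce authorisation themselves until it is implemented.
 *
 * @return DeleteQuery|false The query, or false when the meta data holds no
 *                           id, table or id_field.
 */
public function getDeleteSQL()
{
    $meta = $this->meta;
    // presumably 'id', 'table' and 'id_field' are the meta keys the original
    // extract() was meant to expose; verify against the meta definition
    if (empty($meta['id']) || empty($meta['table']) || empty($meta['id_field'])) {
        return false;
    }
    $table = $meta['table'];
    $id_field = $meta['id_field'];

    $query = new DeleteQuery($this);
    // Table and column names are interpolated as identifiers; they come from
    // the object's own meta data and must never be derived from request input.
    $query->filter("`{$table}`.`{$id_field}` = :{$table}_id LIMIT 1");

    //Check Ownership
    /* TODO
    if (array_key_exists('owner_id', $this->meta['fields'])) {
        if ($user = BackendUser::check()) {
            if (!in_array('superadmin', $user->roles)) {
                $query->filter("`{$this->meta['table']}`.`owner_id` = :owner_id");
                $q_params[':owner_id'] = $user->id;
            }
        }
    }
    */

    return $query;
}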
/**
 * Delete every PersistUser row whose user_id matches the given user.
 *
 * The result of the delete is not checked and nothing is returned.
 *
 * @param object $user Object exposing the user's id as ->id.
 *
 * @return void
 */
public static function forget($user)
{
    // The id is bound as a parameter rather than interpolated into the SQL.
    $bindings = array(':id' => $user->id);

    $remover = new DeleteQuery('PersistUser');
    $remover->filter('`user_id` = :id');
    $remover->execute($bindings);
}