<?php
/*
* ConPortal - Pomona College ITS scheduling appplication
* Copyright (C) 2005-2006 Pomona College
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of version 2 of the GNU General Public License
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
/* Functions in this file:
* checkPerm
* createPermission
* getGroupsForPermission
* getPermissionByName
* getPermissionDetails
* getPermissions
* getPermissionsForGroup
* grantPermissionToGroup
* revokePermissionFromGroup
* removePermission
*/
/*
* $userArray is the array returned by getUserDetails(), or $_SESSION (to check the logged-in user)
*/
function checkPerm ($userArray, $permName)
{
if (!isset($permName) || !$permName |
!isset($userArray) || !$userArray || !isset($userArray['pid']))
return false;
// First, make sure the permission is valid by converting name => pid
$perm = getPermissionByName($permName);
if (!$perm)
return false;
// Get the groups that 'have' this permission and we'll check them against
// the groups that the user is in
$valid_groups = getGroupsForPermission($perm['pid']);
// Now, get the groups for the user
$groups = getGroupsForUser($userArray['pid']);
$groups[] = $userArray['primary_group'];
foreach($groups as $g)
if (in_array($g, $valid_groups))
return true;
return false;
}
function createPermission ($name, $desc)
{
safeQuery("insert into permissions set name = '%s', description = '%s'",
mysql_real_escape_string(strtolower($name)),
mysql_real_escape_string($desc));
return mysql_insert_id();
}
function getGroupsForPermission ($perm)
{
$result = safeQuery("select groups.pid from group_perm, groups " .
"where groups.pid = group_perm.group and " .
"group_perm.permission = %d", $perm);
$array = array();
while ($row = mysql_fetch_row($result))
$array[] = $row[0];
return $array;
}
function getPermissionByName ($name)
{
$result = safeQuery("select * from permissions where name = '%s'",
mysql_real_escape_string($name));
return mysql_fetch_assoc($result);
}
function getPermissionDetails ($pid)
{
$result = safeQuery("select * from permissions where pid = %d", $pid);
return mysql_fetch_assoc($result);
}
/* List of PIDs of all permissions
*/
function getPermissions ()
{
$result = safeQuery("select pid from permissions");
$array = array();
while ($row = mysql_fetch_assoc($result))
$array[] = $row['pid'];
return $array;
}
function getPermissionsForGroup ($group)
{
$result = safeQuery("select permissions.pid from group_perm, permissions " .
"where permissions.pid = group_perm.permission and " .
"group_perm.group = %d", $group);
$array = array();
while ($row = mysql_fetch_row($result))
$array[] = $row[0];
return $array;
}
function grantPermissionToGroup ($permPid, $groupPid)
{
// Ensure that a duplicate row doesn't already exist
$result = safeQuery("select * from group_perm where permission = %d and `group` = %d", $permPid, $groupPid);
if (mysql_num_rows($result) == 0)
safeQuery("insert into group_perm set permission = %d, `group` = %d", $permPid, $groupPid);
}
function revokePermissionFromGroup ($permPid, $groupPid)
{
safeQuery("delete from group_perm where permission = %d and `group` = %d", $permPid, $groupPid);
}
// Delete all references to the permission
// (so, look at the permissions and group_perm tables)
function removePermission ($pid)
{
safeQuery("delete from group_perm where permission = %d", $pid);
safeQuery("delete from permissions where pid = %d", $pid);
}
?>