Location: PHPKode > projects > Work Tracker > work-tracker-0.1/includes/functions/permissions.func.php
<?php
/* $Id: permissions.func.php 2 2004-08-05 21:42:03Z eroberts $ */

/* {{{ Function: is_admin */
/**
 * Determine if a user is an admin
 *
 * @param integer $userid
 * @returns boolean
 */
function is_admin($userid = null)
{
  global $dbi;

  if (!is_array($_ENV['admin'])) {
    $_ENV['admin'] = array();
  }

  if (empty($userid)) {
    $userid = $_SESSION['userid'];
  }
  
  if (array_key_exists($userid,$_ENV['admin'])) {
    return $_ENV['admin'][$userid];
  } else {
    // form query to get admin
    $sql  = "SELECT admin ";
    $sql .= "FROM users ";
    $sql .= "WHERE userid='$userid'";
    $admin = $dbi->fetch_one($sql);
    if ($admin == "t") {
      $_ENV['admin'][$userid] = TRUE;
      return TRUE;
    }

    $_ENV['admin'][$userid] = FALSE;
    return FALSE;
  }
  
  return FALSE;
}
/* }}} */

/* {{{ Function: is_employee */
/**
 * Determines whether or not the user is an employee
 *
 * @param integer $userid ID of user to check
 * @returns boolean
 */
function is_employee($userid = null)
{
  global $dbi;

  if (empty($userid)) {
    $userid = $_SESSION['userid'];
  }

  if (is_admin($userid)) {
    return TRUE;
  }

  $sql  = "SELECT userid ";
  $sql .= "FROM group_users ";
  $sql .= "WHERE userid='$userid' ";
  $sql .= "AND gid='"._EMPLOYEES_."'";
  $emp = $dbi->fetch_one($sql);
  if (!is_null($emp)) {
    return TRUE;
  } 

  return FALSE;
}
/* }}} */

/* {{{ Function: is_manager */
/**
 * Determine if a user is a manager
 *
 * @param integer $userid ID of user to check
 * @returns boolean
 */
function is_manager($userid = null)
{
  global $dbi;

  if (empty($userid)) {
    $userid = $_SESSION['userid'];
  }

  if (is_admin($userid)) {
    return TRUE;
  }

  if (is_employee($userid)
  and permission_check("update_group",_EMPLOYEES_,$userid)) {
    return TRUE;
  }

  return FALSE;
}
/* }}} */

/* {{{ Function: permission_set */
/**
 * Retrieve the permission set for a given user in a given group
 *
 * @param integer $gid ID of group to look in
 * @param integer $userid ID of user to get permission set for
 * @returns array
 */
function permission_set($gid,$userid = null)
{
  global $dbi;

  $pset = array();

  if (empty($userid)) {
    $userid = $_SESSION['userid'];
  }

  $sql  = "SELECT p.permissions,g.perm_set ";
  $sql .= "FROM group_users g, permission_sets p ";
  $sql .= "WHERE g.userid='$userid' ";
  $sql .= "AND g.gid='$gid' ";
  $sql .= "AND g.perm_set = p.permsetid";
  $result = $dbi->query($sql);
  if ($dbi->num_rows($result) > 0) {
    list($pset,$id) = $dbi->fetch($result);
    $pset = explode(",",stripslashes($pset));

    if (!is_array($pset)) {
      logger("Permission set $id returns none arrary.","permissions");
      return;
    }
  }

  return $pset;
}
/* }}} */

/* {{{ Function: permission_set_id */
/**
 * Retrieve the permission set id for a given user in a given group
 *
 * @param integer $gid ID of group to look in
 * @param integer $userid ID of user to get permission set for
 * @return integer
 */
function permission_set_id($gid,$userid = null)
{
  global $dbi;

  if (empty($userid)) {
    $userid = $_SESSION['userid'];
  }

  $sql  = "SELECT perm_set ";
  $sql .= "FROM group_users ";
  $sql .= "WHERE userid='$userid' ";
  $sql .= "AND gid='$gid'";
  $result = $dbi->query($sql);
  if ($dbi->num_rows($result) > 0) {
    list($id) = $dbi->fetch($result);

    return $id;
  }

  return;
}
/* }}} */

/* {{{ Function: permission */
/**
 * Retrieve the text of a permission
 *
 * @param integer $permid ID of permission
 */
function permission($permid)
{
  global $dbi;

  $sql  = "SELECT permission ";
  $sql .= "FROM permissions ";
  $sql .= "WHERE permid='$permid'";
  $result = $dbi->query($sql);
  if ($dbi->num_rows($result) > 0) {
    list($permission) = $dbi->fetch($result);
    return $permission;
  }

  return "UNKNOWN";
}
/* }}} */

/* {{{ Function: permission_set_name */
/**
 * Retrieve the permission set name for a permission set id
 *
 * @param integer $psetid ID of the permission set
 * @return string
 */
function permission_set_name($psetid)
{
  global $dbi;

  $sql  = "SELECT name ";
  $sql .= "FROM permission_sets ";
  $sql .= "WHERE permsetid='$psetid'";
  $result = $dbi->query($sql);
  if ($dbi->num_rows($result) > 0) {
    list($name) = $dbi->fetch($result);

    return $name;
  }

  return;
}
/* }}} */

/* {{{ Function: permission_check */
/**
 * Determine if a user has a certain permission
 *
 * @param string $priv Privilege to be checked
 * @param integer $userid ID of user to check
 * @param integer $gid ID of group to check
 * @returns boolean
 */
function permission_check($perm,$gid = null,$userid = null)
{
  global $dbi;

  if (empty($userid)) {
    $userid = $_SESSION['userid'];
  }

  if(is_admin($userid)){
    return TRUE;
  }

  $sql  = "SELECT permid,group_perm,user_perm ";
  $sql .= "FROM permissions ";
  $sql .= "WHERE permission='$perm'";
  $result = $dbi->query($sql);
  if ($dbi->num_rows($result) > 0) {
    list($permid,$group,$user) = $dbi->fetch($result);
    $dbi->free($result);
  } else {
    logger("Lookup against unknown permission ($perm).","permissions");
    return FALSE;
  }

  if ($user == "t") {
    $sql  = "SELECT userid ";
    $sql .= "FROM user_permissions ";
    $sql .= "WHERE userid='$userid' ";
    $sql .= "AND permid='$permid'";
    $result = $dbi->query($sql);
    if ($dbi->num_rows($result) > 0) {
      $dbi->free($result);
      return TRUE;
    }
  }

  if ($group == "t") {
    if ($userid == $_SESSION['userid']) {
      $user_groups = $_SESSION['groups'];
    } else {
      $user_groups = user_groups($userid);
    }

    foreach ($user_groups as $key => $val) {
      $sql  = "SELECT permid ";
      $sql .= "FROM group_permissions ";
      $sql .= "WHERE permid='$permid' ";
      $sql .= "AND gid='$val'";
      $result = $dbi->query($sql);
      if ($dbi->num_rows($result) > 0) {
        $dbi->free($result);
        return TRUE;
      }
    }

    return FALSE;
  }

  if (!is_null($gid)) {
    $pset = permission_set($gid,$userid);
    
    if (in_array($perm,$pset)) {
      return TRUE;
    }
  
    $sql  = "SELECT s.parent_gid ";
    $sql .= "FROM sub_groups s,groups g ";
    $sql .= "WHERE s.parent_gid=g.gid ";
    $sql .= "AND s.child_gid='$gid' ";
    $sql .= "AND g.prop_user='t'";
    $result = $dbi->query($sql);
    if ($dbi->num_rows($result) > 0) {
      list($parent) = $dbi->fetch($result);
      $dbi->free($result);
      if (!empty($parent)) {
        $pset = permission_set($parent,$userid);
     
        if (in_array($perm,$pset)) {
          return TRUE;
        }
      }
    }

    $sql  = "SELECT child_gid ";
    $sql .= "FROM sub_groups ";
    $sql .= "WHERE parent_gid='$gid' ";
    $sql .= "AND prop_issue='t'";
    $result = $dbi->query($sql);
    if ($dbi->num_rows($result) > 0) {
      while (list($child) = $dbi->fetch($result)) {
        $pset = permission_set($child,$userid);

        if (in_array($perm,$pset)) {
          $dbi->free($result);
          return TRUE;
        }
      }

      $dbi->free($result);
    }
  } else {
    foreach ($_SESSION['groups'] as $key => $val) {
      $pset = permission_set($val,$userid);

      if (in_array($perm,$pset)) {
        return TRUE;
      }

      $sql  = "SELECT s.parent_gid ";
      $sql .= "FROM sub_groups s,groups g ";
      $sql .= "WHERE s.parent_gid=g.gid ";
      $sql .= "AND s.child_gid='$val' ";
      $sql .= "AND g.prop_user='t'";
      $result = $dbi->query($sql);
      if ($dbi->num_rows($result) > 0) {
        list($parent) = $dbi->fetch($result);
        $dbi->free($result);
        if (!empty($parent)) {
          $pset = permission_set($parent,$userid);
       
          if (in_array($perm,$pset)) {
            return TRUE;
          }
        }
      }

      $sql  = "SELECT child_gid ";
      $sql .= "FROM sub_groups ";
      $sql .= "WHERE parent_gid='$val' ";
      $sql .= "AND prop_issue='t'";
      $result = $dbi->query($sql);
      if ($dbi->num_rows($result) > 0) {
        while (list($child) = $dbi->fetch($result)) {
          $pset = permission_set($child,$userid);

          if (in_array($perm,$pset)) {
            $dbi->free($result);
            return TRUE;
          }
        }

        $dbi->free($result);
      }
    }
  }

  return FALSE;
}
/* }}} */

/* {{{ Function: authenticate */
/**
 * Attempt to authenticate a user
 *
 * @param string $username Username of user
 * @param string $password Password of user
 * @return boolean|integer
 */
function authenticate($username,$password)
{
  global $dbi;

  // The login actuall allows users to login by
  // their username or email address, both of
  // which should be unique to each user
  // so now we have to determine which one we're
  // looking up
  $field = ereg("@",$username) ? "email" : "username";

  $sql  = "SELECT username,userid,theme ";
  $sql .= "FROM users ";
  $sql .= "WHERE LOWER($field)=LOWER('".addslashes($username)."') ";
  $sql .= "AND password='".md5($password)."' ";
  $sql .= "AND active='t'";
  $result = $dbi->query($sql);
  if($dbi->num_rows($result) > 0){
    list($username,$uid,$theme) = $dbi->fetch($result);

    // If we're calling the authentication function from
    // the browser then make sure to define the needed
    // session variables, and then redirect to the user
    if (defined("BROWSER")) {
      $_SESSION['userid'] = $uid;
      $_SESSION['javascript'] = $_POST['javascript'] == "enabled" ? "t" : "f";
      $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
      $_SESSION['theme'] = !empty($theme) ? $theme : $_SESSION['theme'];
      $_SESSION['prefs'] = user_preferences($uid);

      if (empty($_SESSION['prefs']['show_fields'])) {
        $_SESSION['prefs']['show_fields'] = array();
      } else {
        $_SESSION['prefs']['show_fields'] = explode(",",$_SESSION['prefs']['show_fields']);
      }
      if (empty($_SESSION['prefs']['sort_by'])) {
        $_SESSION['prefs']['sort_by'] = "issueid";
      }
      if (empty($_SESSION['prefs']['word_wrap'])) {
        $_SESSION['prefs']['word_wrap'] = 80;
      }

      logger("$username logged in.","logins");

      if (!empty($_POST['request'])) {
        redirect("/?".$_POST['request']);
      } else {
        redirect();	
      }
    } else {
      // If we're not calling authentication
      // from the browser then just return
      // the retrieved userid
      return $uid;
    }
  } else {
    // If we didnt pull a userid then just return error message
    // for the browser and FALSE if not
    if (defined("BROWSER")) {
      push_error("Invalid login and/or password.");
    } else {
      return FALSE;
    }
  }
}
/* }}} */

/* {{{ Function: group_permission */
/**
 * Determine if a permission is a group permission
 *
 * @param integer $permid ID of permission
 * @return boolean
 */
function group_permission($permid)
{
  global $dbi;

  $sql  = "SELECT group_perm ";
  $sql .= "FROM permissions ";
  $sql .= "WHERE permid='$permid'";
  $result = $dbi->query($sql);
  if ($dbi->num_rows($result) > 0) {
    list($group) = $dbi->fetch($result);
    $dbi->free($result);
    
    if ($group == "t") {
      return TRUE;
    }
  }

  return FALSE;
}
/* }}} */
?>
Return current item: Work Tracker