<?php
// Direct-access guard: stop the script unless the SYSPATH constant is defined
// (presumably set by the application's entry script -- confirm).
if (!defined('SYSPATH')) {
	die('No direct access to this file is allowed.');
}
/**
* Access control list (ACL): role- and right-based permission checks.
*
* @package Noostr
* @subpackage Classes
*/
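class ACL {
	private $allrights = array(); // every row of the rights table (name, uid)
	private $allroles = array(); // every row of the roles table, ordered by level
	private $data = array(); // current user rights: right name => value
	private $index = array(); // role/right link rows (roleid, rightid)
	private $matrix = array(); // matrix[role uid][right uid] => bool
	public $admin; // admin RoleID
	public $anon; // anonymous RoleID
	public $default; // default RoleID

	/**
	 * Loads all rights, roles and role/right links, builds the role/right
	 * matrix and loads the rights of the current user.
	 *
	 * Reads the globals $db and $user. When $user->roleid is empty, the global
	 * $user object is modified: its roleid is set to the anonymous role.
	 */
	public function __construct() {
		global $db, $user;

		// PREFIX is concatenated into the SQL text, so it must only ever come
		// from trusted configuration. The role id below is bound through "?".
		$this->allrights = $db->query('select name, uid from '.PREFIX.'rights');
		$this->allroles = $db->query('select name, uid, level, `default` from '.PREFIX.'roles order by level');
		$this->index = $db->query('select roleid, rightid from '.PREFIX.'roles_rights');

		// Index the links once, so that filling the matrix is a lookup per
		// cell instead of a scan of every link row per cell.
		$granted = array();
		for ($k = 0, $e = count($this->index); $k < $e; $k++) {
			$granted[$this->index[$k]['roleid']][$this->index[$k]['rightid']] = true;
		}

		for ($i = 0, $c = count($this->allroles); $i < $c; $i++) {
			$x = $this->allroles[$i]['uid'];
			// NOTE(review): the admin role is the one with the largest uid,
			// not the highest level -- confirm uid order follows privilege.
			if ($x > $this->admin) {
				$this->admin = $x;
			}
			if ($this->allroles[$i]['default']) {
				$this->default = $x;
			}
			// The "anonymous" role is always level 1
			if ($this->allroles[$i]['level'] == 1) {
				$this->anon = $x;
			}
			// Every role/right cell gets an explicit value, also when the
			// link table is empty (the cells used to stay undefined then).
			for ($j = 0, $d = count($this->allrights); $j < $d; $j++) {
				$y = $this->allrights[$j]['uid'];
				$this->matrix[$x][$y] = isset($granted[$x][$y]);
			}
		}

		// A user without a role becomes anonymous; without a level 1 role the
		// roleid is left untouched.
		if ($user->roleid == null && $this->anon !== null) {
			$user->roleid = $this->anon;
		}
		$this->load($db->query('select r.name from '.PREFIX.'rights r, '.PREFIX.'roles_rights o where o.roleid = ? and o.rightid = r.uid', $user->roleid));
	}

	/**
	 * Stores a value under a right name for the current user.
	 *
	 * NOTE(review): this magic setter is public, so any code holding the
	 * object can mark a right as granted ($acl->some_right = true). Consider
	 * restricting writes to load().
	 *
	 * @param string $name Right name
	 * @param mixed $value Value to store
	 */
	public function __set($name, $value = '') {
		$this->data[$name] = $value;
	}

	/**
	 * Returns the value stored for a right name.
	 *
	 * @param string $name Right name
	 * @return mixed Stored value, or FALSE when the name is not set (so an unknown right reads as denied)
	 */
	public function __get($name) {
		if (is_array($this->data) && array_key_exists($name, $this->data)) {
			return $this->data[$name];
		}
		return false;
	}

	/**
	 * Marks every right in the list as granted to the current user.
	 *
	 * @param array $rights Rows with a 'name' key, indexed from 0
	 */
	public function load($rights) {
		for ($i = 0, $c = count($rights); $i < $c; $i++) {
			$this->data[$rights[$i]['name']] = true;
		}
	}

	/**
	 * Compares the levels of the two input roles. The level of the second input
	 * must be at least the level of the first input in order to return TRUE.
	 *
	 * NOTE(review): this check fails open. A $pagerole that matches no loaded
	 * role keeps level 0, so the result is TRUE for every $userrole, including
	 * an unknown one. If a page can reference a role that no longer exists,
	 * denying in that case is the safer default.
	 *
	 * @param string $pagerole RoleID of the page
	 * @param string $userrole RoleID of the user
	 * @return bool
	 */
	public function canSee($pagerole, $userrole) {
		if ($pagerole == null) {
			// All non-DB internal pages require level 1 (anonymous)
			$pagerole = $this->anon;
		}
		// Err on the side of allowance: a role that is not found stays at 0.
		$pagelevel = 0;
		$userlevel = 0;
		for ($i = 0, $c = count($this->allroles); $i < $c; $i++) {
			if ($this->allroles[$i]['uid'] == $pagerole) {
				$pagelevel = $this->allroles[$i]['level'];
			}
			if ($this->allroles[$i]['uid'] == $userrole) {
				$userlevel = $this->allroles[$i]['level'];
			}
		}
		// $userrole must have at least the same level as $pagerole.
		return $userlevel >= $pagelevel;
	}

	/**
	 * Retrieves all the rights for a given Role ID.
	 *
	 * @param string $roleid ID of the role you want the rights-list for
	 * @return array Empty array if the $roleid doesn't exist; otherwise an array
	 *               with one element, the map of right uid => bool for the role
	 */
	public function getAllRights($roleid) {
		$return = array();
		if (isset($this->matrix[$roleid])) {
			$return[] = $this->matrix[$roleid];
		}
		return $return;
	}

	/**
	 * Returns the rows of the roles table as loaded by the constructor.
	 *
	 * @return array
	 */
	public function getAllRoles() {
		return $this->allroles;
	}
}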