Index: trunk/core/units/general/helpers/permissions_helper.php =================================================================== diff -u -N -r5431 -r5514 --- trunk/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5431) +++ trunk/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5514) @@ -1,14 +1,14 @@ Application->getUnitOption('perm', 'TableName'); @@ -19,25 +19,25 @@ FROM '.$perm_table.' WHERE (GroupId = '.$group_id.') AND (CatId = '.$cat_id.') AND (Type = '.$type.')'; $permissions = $this->Conn->Query($sql, 'Permission'); - + $this->Permissions = Array(); foreach ($permissions as $perm_name => $perm_options) { $perm_record['value'] = $perm_options['PermissionValue']; $perm_record['id'] = $perm_options['PermissionId']; $this->Permissions[$perm_name] = $perm_record; } } - + function getPermissionValue($perm_name) { return isset($this->Permissions[$perm_name]) ? $this->Permissions[$perm_name]['value'] : 0; } - + function getPermissionID($perm_name) { return isset($this->Permissions[$perm_name]) ? $this->Permissions[$perm_name]['id'] : 0; } - + /** * This is old permission like ADMIN or LOGIN * @@ -49,7 +49,7 @@ { return $section_name == 'in-portal:root' && $perm_name != 'view'; } - + /** * Returns permission names to check based on event name and item prefix (main item or subitem) * 
@@ -59,22 +59,22 @@ function getPermissionByEvent(&$event, $perm_mapping) { $top_prefix = $event->getEventParam('top_prefix'); - + $pefix_type = ($top_prefix == $event->Prefix) ? 'self' : 'subitem'; $perm_mapping = getArrayValue($perm_mapping, $event->Name); - + if (!$perm_mapping[$pefix_type]) { trigger_error('Permission mappings not defined for event '.$top_prefix.' <- '.$event->Prefix.':'.$event->Name.'', E_USER_ERROR); } - + if ($perm_mapping[$pefix_type] === true) { // event is defined in mapping but is not checked by permissions return true; } - + return explode('|', $perm_mapping[$pefix_type]); } - + /** * Common event permission checking method * @@ -86,15 +86,15 @@ if (preg_match('/^CATEGORY:(.*)/', $section)) { return $this->CheckEventCategoryPermission($event, $perm_mapping); } - + $top_prefix = $event->getEventParam('top_prefix'); $check_perms = $this->getPermissionByEvent($event, $perm_mapping); - + if ($check_perms === true) { // event is defined in mapping but is not checked by permissions return true; } - + $perm_status = false; foreach ($check_perms as $perm_name) { // check if at least one of required permissions is set @@ -108,7 +108,7 @@ return $perm_status; } } - + if (!$perm_status) { if ($this->Application->isDebugMode()) { // for debugging purposes @@ -121,7 +121,7 @@ } return $perm_status; } - + /** * Checks non-system permission on event per category basis * 
@@ -141,14 +141,14 @@ else { $id = $event_handler->getPassedID($event); } - + $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix'); - + // 1. get primary category of category item $id_field = $this->Application->getUnitOption($top_prefix, 'IDField'); $table_name = $this->Application->getUnitOption($top_prefix, 'TableName'); $ci_table = $this->Application->getUnitOption('ci', 'TableName'); - + if (!$id) { // item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions $category_id = $this->Application->RecallVar('m_cat_id'); @@ -161,7 +161,7 @@ WHERE (main_table.'.$id_field.' = '.$id.') AND (ci.PrimaryCat = 1)'; $category_id = $this->Conn->GetOne($sql); } - + if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) { if ($event_handler->isNewItemCreate($event)) { return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id); @@ -170,15 +170,15 @@ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->CheckPermission($item_prefix.'.MODIFY', 0, $category_id); } } - + $perm_status = false; $check_perms = $this->getPermissionByEvent($event, $event_perm_mapping); - + if ($check_perms === true) { // event is defined in mapping but is not checked by permissions return true; } - + foreach ($check_perms as $perm_name) { // check if at least one of required permissions is set if (!isset($perm_mapping[$perm_name])) { @@ -188,12 +188,12 @@ $perm_name = $item_prefix.'.'.$perm_mapping[$perm_name]; $this->showDebug('Event '.$event->Name.' permission(-s): '.$perm_name.'', Array()); $perm_status = $this->CheckPermission($perm_name, 0, $category_id); - + if ($perm_status) { return $perm_status; } } - + if (!$perm_status) { $event->SetRedirectParam('index_file', 'index.php'); // because called from browse.php if ($this->Application->isDebugMode()) { 
@@ -207,19 +207,19 @@ } return $perm_status; } - + function showDebug($text, $params) { $is_ajax = $this->Application->GetVar('ajax') == 'yes' || isset($params['ajax']) || isset($params['tab_init']); if (!$this->Application->isDebugMode() || $is_ajax) return true; echo $text.'
'; } - + function TagPermissionCheck($params, $tag_name) { $perm_event = getArrayValue($params, 'perm_event'); $permission_groups = getArrayValue($params, 'permissions'); - + if ($permission_groups) { $this->showDebug('Tag '.$tag_name.' permission(-s): '.$permission_groups.'', $params); $permission_groups = explode('|', $permission_groups); @@ -231,7 +231,7 @@ $has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0); } $group_has_permission = $group_has_permission || $has_permission; - + if ($group_has_permission) { return true; } @@ -244,10 +244,10 @@ $event_handler =& $this->Application->recallObject($prefix.'_EventHandler'); return $event_handler->CheckPermission( new kEvent($perm_event) ); } - + return true; } - + /** * Returns no permission template to redirect to * @@ -260,7 +260,7 @@ if ($next_t = getArrayValue($params, 'next_template')) { $t = $next_t; } - + if (!$this->Application->LoggedIn()) { $redirect_template = $params['login_template']; $redirect_params = Array('next_template' => $t); @@ -272,17 +272,17 @@ else { $redirect_template = $this->Application->IsAdmin() ? 'no_permission' : $this->Application->ConfigValue('NoPermissionTemplate'); } - + $redirect_params = $this->Application->isDebugMode() ? Array('from_template' => 1, 'perms' => $params[ isset($params['permissions']) ? 'permissions' : 'perm_event'], 'next_template' => $t) : Array(); } - + if (isset($params['index_file']) && $params['index_file']) { $redirect_params['index_file'] = $params['index_file']; } - + return Array($redirect_template, $redirect_params); } - + /** * Check current user permissions based on it's group permissions in specified category (for non-system permissions) or just checks if system permission is set * 
@@ -297,26 +297,26 @@ // "root" is allowed anywhere return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1; } - + if ($type == 1) { // "system" permission are always checked per "Home" category (ID = 0) $cat_id = 0; } - + if (!isset($cat_id)) { $cat_id = $this->Application->GetVar('m_cat_id'); } - + $cache_key = $name.'|'.$type.'|'.$cat_id; $perm_value = $this->Application->getCache('permissions', $cache_key); if ($perm_value !== false) { return $perm_value; } - + // perm cache is build only based on records in db, that's why if permission is not explicitly denied, then // that (perm cache creator) code thinks that it is allowed & adds corresponding record and code below will // return incorrect results - + if (preg_match('/(.*)\.VIEW$/', $name) && ($type == 0)) { // cached view permission of category: begin $sql = 'SELECT PermissionConfigId @@ -327,20 +327,20 @@ $sql = 'SELECT PermId FROM '.TABLE_PREFIX.'PermCache WHERE (PermId = '.$perm_id.') AND (CategoryId = '.$cat_id.')'; - + $view_filters = Array(); $groups = explode(',', $this->Application->RecallVar('UserGroups')); foreach ($groups as $group) { $view_filters[] = 'FIND_IN_SET('.$group.', ACL)'; } $sql .= ' AND ('.implode(' OR ', $view_filters).')'; - $perm_value = $this->Conn->GetOne($sql) ? 1 : 0; - + $perm_value = $this->Conn->GetOne($sql) ? 1 : 0; + $this->Application->setCache('permissions', $cache_key, $perm_value); - return $perm_value; + return $perm_value; // cached view permission of category: end } - + if ($cat_id == 0) { $cat_hierarchy = Array(0); } 
@@ -355,20 +355,20 @@ $cat_hierarchy = array_reverse($cat_hierarchy); array_push($cat_hierarchy, 0); } - - $perm_value = 0; + + $perm_value = 0; $groups = $this->Application->RecallVar('UserGroups'); foreach ($cat_hierarchy as $category_id) { $sql = 'SELECT SUM(PermissionValue) FROM '.TABLE_PREFIX.'Permissions WHERE Permission = "'.$name.'" AND CatId = '.$category_id.' AND GroupId IN ('.$groups.') AND Type = '.$type; $res = $this->Conn->GetOne($sql); - if ($res !== false) { + if ($res !== false && !is_null($res)) { $perm_value = $res ? 1 : 0; break; } } - + $this->Application->setCache('permissions', $cache_key, $perm_value); return $perm_value; }
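Review bot: The permission query in this loop still concatenates `$name`, `$category_id`, `$groups` and `$type` straight into the SQL text. Its result now separates "no record at this level, walk up to the parent" (NULL) from an explicit allow or deny, so anything that distorts the statement also distorts the authorization decision. `$groups` comes from the session via `RecallVar('UserGroups')` and is used as a raw `IN (...)` list. I would normalise it before the loop with `$groups = implode(',', array_map('intval', explode(',', $groups)));`, which also avoids an invalid `IN ()` when the value is empty, cast `$category_id` and `$type` with `(int)`, and pass `$name` through the connection's quoting helper instead of wrapping it in `"` by hand. The `FIND_IN_SET('.$group.', ACL)` filter in the preceding hunk is built from the same session value and deserves the same cast; the function's signature and the code that fills `$cat_hierarchy` lie outside this hunk.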