Index: trunk/kernel/units/general/helpers/permissions_helper.php
===================================================================
diff -u -N -r4762 -r4840
--- trunk/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 4762)
+++ trunk/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 4840)
@@ -76,15 +76,15 @@
}
/**
- * Checks permissions of user
+ * Common event permission checking method
*
* @param kEvent $event
*/
- function CheckPermission(&$event, $perm_mapping)
+ function CheckEventPermission(&$event, $perm_mapping)
{
$section = $event->getSection();
if (preg_match('/^CATEGORY:(.*)/', $section)) {
- return $this->CheckCategoryPermission($event, $perm_mapping);
+ return $this->CheckEventCategoryPermission($event, $perm_mapping);
}
$top_prefix = $event->getEventParam('top_prefix');
@@ -99,7 +99,7 @@
foreach ($check_perms as $perm_name) {
// check if at least one of required permissions is set
$perm_name = $section.'.'.$perm_name;
- $perm_status = $this->Application->CheckPermission($perm_name, 1);
+ $perm_status = $this->CheckPermission($perm_name, 1);
if (($perm_name == $section.'.add') && $perm_status && ($top_prefix == $event->Prefix)) {
// main item, add permission allowed, but ID is > 0, then deny permission
// how to get id here
@@ -123,17 +123,12 @@
}
/**
- * Check permissions
+ * Checks non-system permission on event per category basis
*
* @param kEvent $event
*/
- function CheckCategoryPermission(&$event, $event_perm_mapping)
+ function CheckEventCategoryPermission(&$event, $event_perm_mapping)
{
- // would be better to check this too, but we have no such ermission for now
- /*if ($event->Name == 'OnRateProduct') {
- return $this->Application->CheckPermission('PRODUCT.RATE', 0);
- }*/
-
// mapping between specific permissions and common permissions
$perm_mapping = Array('add' => 'ADD', 'edit' => 'MODIFY', 'delete' => 'DELETE', 'view' => 'VIEW');
@@ -169,10 +164,10 @@
if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) {
if ($event_handler->isNewItemCreate($event)) {
- return $this->Application->CheckPermission($item_prefix.'.ADD', 0, $category_id);
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id);
}
else {
- return $this->Application->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->Application->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
}
}
@@ -191,8 +186,8 @@
continue;
}
$perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
- echo 'event_name: '.$event->Name.'; permission: '.$perm_name.'
';
- $perm_status = $this->Application->CheckPermission($perm_name, 0, $category_id);
+ $this->showDebug('Event '.$event->Name.' permission(-s): '.$perm_name.'');
+ $perm_status = $this->CheckPermission($perm_name, 0, $category_id);
if ($perm_status) {
return $perm_status;
@@ -212,6 +207,161 @@
}
return $perm_status;
}
+
+ function showDebug($text)
+ {
+ if (!$this->Application->isDebugMode()) return true;
+ echo $text.'
';
+ }
+
+ function TagPermissionCheck($params, $tag_name)
+ {
+ $perm_event = getArrayValue($params, 'perm_event');
+ $permission_groups = getArrayValue($params, 'permissions');
+
+ if ($permission_groups) {
+ $this->showDebug('Tag '.$tag_name.' permission(-s): '.$permission_groups);
+ $permission_groups = explode('|', $permission_groups);
+ $group_has_permission = false;
+ foreach ($permission_groups as $permission_group) {
+ $permissions = explode(',', $permission_group);
+ $has_permission = true;
+ foreach ($permissions as $permission) {
+ $has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0);
+ }
+ $group_has_permission = $group_has_permission || $has_permission;
+
+ if ($group_has_permission) {
+ return true;
+ }
+ }
+ return false;
+ }
+ elseif ($perm_event) {
+ list($prefix, $event) = explode(':', $perm_event);
+ $event_handler =& $this->Application->recallObject($prefix.'_EventHandler');
+ return $event_handler->CheckPermission( new kEvent($perm_event) );
+ }
+
+ return true;
+ }
+
+ /**
+ * Returns no permission template to redirect to
+ *
+ * @param Array $params
+ * @return Array
+ */
+ function getPermissionTemplate($params)
+ {
+ $t = $this->Application->GetVar('t');
+ if ($next_t = getArrayValue($params, 'next_template')) {
+ $t = $next_t;
+ }
+
+ if (!$this->Application->LoggedIn()) {
+ $redirect_template = $params['login_template'];
+ $redirect_params = Array('next_template' => $t);
+ }
+ else {
+ if (isset($params['no_permissions_template'])) {
+ $redirect_template = $params['no_permissions_template'];
+ }
+ else {
+ $redirect_template = $this->Application->IsAdmin() ? 'no_permission' : $this->Application->ConfigValue('NoPermissionTemplate');
+ }
+
+ $redirect_params = $this->Application->isDebugMode() ? Array('from_template' => 1, 'perms' => $params['permissions'], 'next_template' => $t) : Array();
+ }
+
+ return Array($redirect_template, $redirect_params);
+ }
+
+ /**
+ * Check current user permissions based on it's group permissions in specified category (for non-system permissions) or just checks if system permission is set
+ *
+ * @param string $name permission name
+ * @param int $cat_id category id, current used if not specified
+ * @param int $type permission type {1 - system, 0 - per category}
+ * @return int
+ */
+ function CheckPermission($name, $type = 1, $cat_id = null)
+ {
+ if ($this->Application->GetVar('u_id') == -1) {
+ // "root" is allowed anywhere
+ return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
+ }
+
+ if ($type == 1) {
+ // "system" permission are always checked per "Home" category (ID = 0)
+ $cat_id = 0;
+ }
+
+ if (!isset($cat_id)) {
+ $cat_id = $this->Application->GetVar('m_cat_id');
+ }
+
+ $cache_key = $name.'|'.$type.'|'.$cat_id;
+ $perm_value = $this->Application->getCache('permissions', $cache_key);
+ if ($perm_value !== false) {
+ return $perm_value;
+ }
+
+ // perm cache is build only based on records in db, that's why if permission is not explicitly denied, then
+ // that (perm cache creator) code thinks that it is allowed & adds corresponding record and code below will
+ // return incorrect results
+
+ /*if (preg_match('/(.*)\.VIEW$/', $name) && ($type == 0)) {
+ // cached view permission of category: begin
+ $sql = 'SELECT perm_cache.PermId
+ FROM '.TABLE_PREFIX.'PermCache perm_cache
+ LEFT JOIN '.TABLE_PREFIX.'PermissionConfig perm_config ON perm_cache.PermId = perm_config.PermissionConfigId
+ WHERE (perm_config.PermissionName = '.$this->Conn->qstr($name).' AND perm_cache.CategoryId = '.$cat_id.')';
+
+ $view_filters = Array();
+ $groups = explode(',', $this->Application->RecallVar('UserGroups'));
+ foreach ($groups as $group) {
+ $view_filters[] = 'FIND_IN_SET('.$group.', perm_cache.ACL) || ((NOT FIND_IN_SET('.$group.', perm_cache.DACL)) AND perm_cache.ACL = \'\')';
+ }
+ $sql .= ' AND ('.implode(' OR ', $view_filters).')';
+ $perm_value = $this->Conn->GetOne($sql) ? 1 : 0;
+
+ $this->Application->setCache('permissions', $cache_key, $perm_value);
+ return $perm_value;
+ // cached view permission of category: end
+ }*/
+
+ if ($cat_id == 0) {
+ $cat_hierarchy = Array(0);
+ }
+ else {
+ $sql = 'SELECT ParentPath
+ FROM '.$this->Application->getUnitOption('c', 'TableName').'
+ WHERE CategoryId = '.$cat_id;
+ $cat_hierarchy = $this->Conn->GetOne($sql);
+ $cat_hierarchy = explode('|', $cat_hierarchy);
+ array_shift($cat_hierarchy);
+ array_pop($cat_hierarchy);
+ $cat_hierarchy = array_reverse($cat_hierarchy);
+ array_push($cat_hierarchy, 0);
+ }
+
+ $perm_value = 0;
+ $groups = $this->Application->RecallVar('UserGroups');
+ foreach ($cat_hierarchy as $category_id) {
+ $sql = 'SELECT PermissionValue
+ FROM '.TABLE_PREFIX.'Permissions
+ WHERE Permission = "'.$name.'" AND CatId = '.$category_id.' AND GroupId IN ('.$groups.') AND Type = '.$type;
+ $res = $this->Conn->GetOne($sql);
+ if ($res !== false) {
+ $perm_value = $res;
+ break;
+ }
+ }
+
+ $this->Application->setCache('permissions', $cache_key, $perm_value);
+ return $perm_value;
+ }
}
?>
\ No newline at end of file
Index: trunk/core/kernel/application.php
===================================================================
diff -u -N -r4814 -r4840
--- trunk/core/kernel/application.php (.../application.php) (revision 4814)
+++ trunk/core/kernel/application.php (.../application.php) (revision 4840)
@@ -1977,48 +1977,8 @@
*/
function CheckPermission($name, $type = 1, $cat_id = null)
{
- if ($this->GetVar('u_id') == -1) {
- // "root" is allowed anywhere
- return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
- }
-
- if ($type == 1) {
- // "system" permission are always checked per "Home" category (ID = 0)
- $cat_id = 0;
- }
-
- if (!isset($cat_id)) {
- $cat_id = $this->GetVar('m_cat_id');
- }
-
- if ($cat_id == 0) {
- $cat_hierarchy = Array(0);
- }
- else {
- $sql = 'SELECT ParentPath FROM '.$this->getUnitOption('c', 'TableName').' WHERE CategoryId = '.$cat_id;
- $cat_hierarchy = $this->Conn->GetOne($sql);
- $cat_hierarchy = explode('|', $cat_hierarchy);
- array_shift($cat_hierarchy);
- array_pop($cat_hierarchy);
- $cat_hierarchy = array_reverse($cat_hierarchy);
- array_push($cat_hierarchy, 0);
- }
-
- $groups = $this->RecallVar('UserGroups');
-
- foreach ($cat_hierarchy as $category_id) {
- $sql = 'SELECT PermissionValue FROM '.TABLE_PREFIX.'Permissions
- WHERE Permission = "'.$name.'"
- AND CatId = '.$category_id.'
- AND GroupId IN ('.$groups.')
- AND Type = '.$type;
- $res = $this->Conn->GetOne($sql);
- if ($res !== false) {
- return $res;
- }
- }
-
- return 0;
+ $perm_helper =& $this->recallObject('PermissionsHelper');
+ return $perm_helper->CheckPermission($name, $type, $cat_id);
}
/**
Index: trunk/core/kernel/event_handler.php
===================================================================
diff -u -N -r4762 -r4840
--- trunk/core/kernel/event_handler.php (.../event_handler.php) (revision 4762)
+++ trunk/core/kernel/event_handler.php (.../event_handler.php) (revision 4840)
@@ -309,7 +309,7 @@
function CheckPermission(&$event)
{
$perm_helper =& $this->Application->recallObject('PermissionsHelper');
- return $perm_helper->CheckPermission($event, $this->permMapping);
+ return $perm_helper->CheckEventPermission($event, $this->permMapping);
}
/**
Index: trunk/admin/browse.php
===================================================================
diff -u -N -r4243 -r4840
--- trunk/admin/browse.php (.../browse.php) (revision 4243)
+++ trunk/admin/browse.php (.../browse.php) (revision 4840)
@@ -77,8 +77,13 @@
$cat_templates = $objModules->ExecuteFunction('GetModuleInfo', 'catalog_template');
foreach ($cat_templates as $a_mod => $a_template) {
if (!$a_template) continue;
- $a_var = $a_mod.'_TAB_HTML';
- $$a_var = $application->ParseBlock(Array('name'=>$a_template), 0, true);
+
+ $module_prefix = $application->findModule('Name', $a_mod, 'Var');
+ $view_perm = $application->getUnitOption($module_prefix, 'PermItemPrefix').'.VIEW';
+ if ($application->CheckPermission($view_perm, 0)) {
+ $a_var = $a_mod.'_TAB_HTML';
+ $$a_var = $application->ParseBlock(Array('name'=>$a_template), 0, true);
+ }
}
//$application->SetVar('t', 'in-commerce/products/products_catalog');
Index: trunk/core/kernel/processors/main_processor.php
===================================================================
diff -u -N -r4834 -r4840
--- trunk/core/kernel/processors/main_processor.php (.../main_processor.php) (revision 4834)
+++ trunk/core/kernel/processors/main_processor.php (.../main_processor.php) (revision 4840)
@@ -680,6 +680,18 @@
}
/**
+ * Allows to check if permission exists directly in template and perform additional actions if required
+ *
+ * @param Array $params
+ * @return bool
+ */
+ function CheckPermission($params)
+ {
+ $perm_helper =& $this->Application->recallObject('PermissionsHelper');
+ return $perm_helper->TagPermissionCheck($params, 'm_CheckPermission');
+ }
+
+ /**
* Checks if user is logged in and if not redirects it to template passed
*
* @param Array $params
@@ -691,56 +703,31 @@
$t = $next_t;
}
- if ($permission_groups = getArrayValue($params, 'permissions')) {
- echo 'PermGroups: '.$permission_groups.'
';
- $permission_groups = explode('|', $permission_groups);
- $group_has_permission = false;
- foreach ($permission_groups as $permission_group) {
- $permissions = explode(',', $permission_group);
- $has_permission = true;
- foreach ($permissions as $permission) {
- $has_permission = $has_permission && $this->Application->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0);
- }
- $group_has_permission = $group_has_permission || $has_permission;
-
- if ($group_has_permission) {
- return;
- }
- }
-
- if (!$this->Application->LoggedIn()) {
- $this->Application->Redirect( $params['login_template'], Array('next_template'=>$t) );
- }
- else {
- if (isset($params['no_permissions_template'])) {
- $t = $params['no_permissions_template'];
- }
- else {
- $t = $this->Application->IsAdmin() ? 'no_permission' : $this->Application->ConfigValue('NoPermissionTemplate');
- }
-
- $redirect_params = $this->Application->isDebugMode() ? Array('from_template' => 1, 'perms' => $params['permissions'], 'next_template' => $this->Application->GetVar('t')) : Array();
- $this->Application->Redirect($t, $redirect_params);
- }
+ // check by permissions: begin
+ $perm_helper =& $this->Application->recallObject('PermissionsHelper');
+ $perm_status = $perm_helper->TagPermissionCheck($params, 'm_RequireLogin');
+ if (!$perm_status) {
+ list($redirect_template, $redirect_params) = $perm_helper->getPermissionTemplate($params);
+ $this->Application->Redirect($redirect_template, $redirect_params);
}
-
- $condition = getArrayValue($params,'condition');
- if(!$condition)
- {
+ // check by permissions: end
+
+ // check by configuration value: begin
+ $condition = getArrayValue($params, 'condition');
+ if (!$condition) {
$condition = true;
}
- else
- {
- if( substr($condition,0,1) == '!' )
- {
- $condition = !$this->Application->ConfigValue( substr($condition,1) );
+ else {
+ if (substr($condition, 0, 1) == '!') {
+ $condition = !$this->Application->ConfigValue(substr($condition, 1));
}
- else
- {
+ else {
$condition = $this->Application->ConfigValue($condition);
}
}
-
+ // check by configuration value: end
+
+ // check by belonging to group: begin
$group = $this->SelectParam($params, 'group');
$group_access = true;
if ($group) {
@@ -751,9 +738,9 @@
$group_access = in_array($group_id, $groups);
}
}
-
- if( (!$this->Application->LoggedIn() || !$group_access) && $condition )
- {
+ // check by belonging to group: end
+
+ if ((!$this->Application->LoggedIn() || !$group_access) && $condition) {
if ( $this->Application->LoggedIn() && !$group_access) {
$this->Application->Redirect( $params['no_group_perm_template'], Array('next_template'=>$t) );
}
@@ -763,7 +750,7 @@
if ($session_expired) {
$redirect_params['expired'] = $session_expired;
}
- $this->Application->Redirect( $params['login_template'], $redirect_params);
+ $this->Application->Redirect($params['login_template'], $redirect_params);
}
}
Index: trunk/core/units/general/helpers/permissions_helper.php
===================================================================
diff -u -N -r4762 -r4840
--- trunk/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 4762)
+++ trunk/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 4840)
@@ -76,15 +76,15 @@
}
/**
- * Checks permissions of user
+ * Common event permission checking method
*
* @param kEvent $event
*/
- function CheckPermission(&$event, $perm_mapping)
+ function CheckEventPermission(&$event, $perm_mapping)
{
$section = $event->getSection();
if (preg_match('/^CATEGORY:(.*)/', $section)) {
- return $this->CheckCategoryPermission($event, $perm_mapping);
+ return $this->CheckEventCategoryPermission($event, $perm_mapping);
}
$top_prefix = $event->getEventParam('top_prefix');
@@ -99,7 +99,7 @@
foreach ($check_perms as $perm_name) {
// check if at least one of required permissions is set
$perm_name = $section.'.'.$perm_name;
- $perm_status = $this->Application->CheckPermission($perm_name, 1);
+ $perm_status = $this->CheckPermission($perm_name, 1);
if (($perm_name == $section.'.add') && $perm_status && ($top_prefix == $event->Prefix)) {
// main item, add permission allowed, but ID is > 0, then deny permission
// how to get id here
@@ -123,17 +123,12 @@
}
/**
- * Check permissions
+ * Checks non-system permission on event per category basis
*
* @param kEvent $event
*/
- function CheckCategoryPermission(&$event, $event_perm_mapping)
+ function CheckEventCategoryPermission(&$event, $event_perm_mapping)
{
- // would be better to check this too, but we have no such ermission for now
- /*if ($event->Name == 'OnRateProduct') {
- return $this->Application->CheckPermission('PRODUCT.RATE', 0);
- }*/
-
// mapping between specific permissions and common permissions
$perm_mapping = Array('add' => 'ADD', 'edit' => 'MODIFY', 'delete' => 'DELETE', 'view' => 'VIEW');
@@ -169,10 +164,10 @@
if ((substr($event->Name, 0, 9) == 'OnPreSave') || ($event->Name == 'OnSave')) {
if ($event_handler->isNewItemCreate($event)) {
- return $this->Application->CheckPermission($item_prefix.'.ADD', 0, $category_id);
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id);
}
else {
- return $this->Application->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->Application->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
+ return $this->CheckPermission($item_prefix.'.ADD', 0, $category_id) || $this->CheckPermission($item_prefix.'.MODIFY', 0, $category_id);
}
}
@@ -191,8 +186,8 @@
continue;
}
$perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
- echo 'event_name: '.$event->Name.'; permission: '.$perm_name.'
';
- $perm_status = $this->Application->CheckPermission($perm_name, 0, $category_id);
+ $this->showDebug('Event '.$event->Name.' permission(-s): '.$perm_name.'');
+ $perm_status = $this->CheckPermission($perm_name, 0, $category_id);
if ($perm_status) {
return $perm_status;
@@ -212,6 +207,161 @@
}
return $perm_status;
}
+
+ function showDebug($text)
+ {
+ if (!$this->Application->isDebugMode()) return true;
+ echo $text.'
';
+ }
+
+ function TagPermissionCheck($params, $tag_name)
+ {
+ $perm_event = getArrayValue($params, 'perm_event');
+ $permission_groups = getArrayValue($params, 'permissions');
+
+ if ($permission_groups) {
+ $this->showDebug('Tag '.$tag_name.' permission(-s): '.$permission_groups);
+ $permission_groups = explode('|', $permission_groups);
+ $group_has_permission = false;
+ foreach ($permission_groups as $permission_group) {
+ $permissions = explode(',', $permission_group);
+ $has_permission = true;
+ foreach ($permissions as $permission) {
+ $has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0);
+ }
+ $group_has_permission = $group_has_permission || $has_permission;
+
+ if ($group_has_permission) {
+ return true;
+ }
+ }
+ return false;
+ }
+ elseif ($perm_event) {
+ list($prefix, $event) = explode(':', $perm_event);
+ $event_handler =& $this->Application->recallObject($prefix.'_EventHandler');
+ return $event_handler->CheckPermission( new kEvent($perm_event) );
+ }
+
+ return true;
+ }
+
+ /**
+ * Returns no permission template to redirect to
+ *
+ * @param Array $params
+ * @return Array
+ */
+ function getPermissionTemplate($params)
+ {
+ $t = $this->Application->GetVar('t');
+ if ($next_t = getArrayValue($params, 'next_template')) {
+ $t = $next_t;
+ }
+
+ if (!$this->Application->LoggedIn()) {
+ $redirect_template = $params['login_template'];
+ $redirect_params = Array('next_template' => $t);
+ }
+ else {
+ if (isset($params['no_permissions_template'])) {
+ $redirect_template = $params['no_permissions_template'];
+ }
+ else {
+ $redirect_template = $this->Application->IsAdmin() ? 'no_permission' : $this->Application->ConfigValue('NoPermissionTemplate');
+ }
+
+ $redirect_params = $this->Application->isDebugMode() ? Array('from_template' => 1, 'perms' => $params['permissions'], 'next_template' => $t) : Array();
+ }
+
+ return Array($redirect_template, $redirect_params);
+ }
+
+ /**
+ * Check current user permissions based on it's group permissions in specified category (for non-system permissions) or just checks if system permission is set
+ *
+ * @param string $name permission name
+ * @param int $cat_id category id, current used if not specified
+ * @param int $type permission type {1 - system, 0 - per category}
+ * @return int
+ */
+ function CheckPermission($name, $type = 1, $cat_id = null)
+ {
+ if ($this->Application->GetVar('u_id') == -1) {
+ // "root" is allowed anywhere
+ return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
+ }
+
+ if ($type == 1) {
+ // "system" permission are always checked per "Home" category (ID = 0)
+ $cat_id = 0;
+ }
+
+ if (!isset($cat_id)) {
+ $cat_id = $this->Application->GetVar('m_cat_id');
+ }
+
+ $cache_key = $name.'|'.$type.'|'.$cat_id;
+ $perm_value = $this->Application->getCache('permissions', $cache_key);
+ if ($perm_value !== false) {
+ return $perm_value;
+ }
+
+ // perm cache is build only based on records in db, that's why if permission is not explicitly denied, then
+ // that (perm cache creator) code thinks that it is allowed & adds corresponding record and code below will
+ // return incorrect results
+
+ /*if (preg_match('/(.*)\.VIEW$/', $name) && ($type == 0)) {
+ // cached view permission of category: begin
+ $sql = 'SELECT perm_cache.PermId
+ FROM '.TABLE_PREFIX.'PermCache perm_cache
+ LEFT JOIN '.TABLE_PREFIX.'PermissionConfig perm_config ON perm_cache.PermId = perm_config.PermissionConfigId
+ WHERE (perm_config.PermissionName = '.$this->Conn->qstr($name).' AND perm_cache.CategoryId = '.$cat_id.')';
+
+ $view_filters = Array();
+ $groups = explode(',', $this->Application->RecallVar('UserGroups'));
+ foreach ($groups as $group) {
+ $view_filters[] = 'FIND_IN_SET('.$group.', perm_cache.ACL) || ((NOT FIND_IN_SET('.$group.', perm_cache.DACL)) AND perm_cache.ACL = \'\')';
+ }
+ $sql .= ' AND ('.implode(' OR ', $view_filters).')';
+ $perm_value = $this->Conn->GetOne($sql) ? 1 : 0;
+
+ $this->Application->setCache('permissions', $cache_key, $perm_value);
+ return $perm_value;
+ // cached view permission of category: end
+ }*/
+
+ if ($cat_id == 0) {
+ $cat_hierarchy = Array(0);
+ }
+ else {
+ $sql = 'SELECT ParentPath
+ FROM '.$this->Application->getUnitOption('c', 'TableName').'
+ WHERE CategoryId = '.$cat_id;
+ $cat_hierarchy = $this->Conn->GetOne($sql);
+ $cat_hierarchy = explode('|', $cat_hierarchy);
+ array_shift($cat_hierarchy);
+ array_pop($cat_hierarchy);
+ $cat_hierarchy = array_reverse($cat_hierarchy);
+ array_push($cat_hierarchy, 0);
+ }
+
+ $perm_value = 0;
+ $groups = $this->Application->RecallVar('UserGroups');
+ foreach ($cat_hierarchy as $category_id) {
+ $sql = 'SELECT PermissionValue
+ FROM '.TABLE_PREFIX.'Permissions
+ WHERE Permission = "'.$name.'" AND CatId = '.$category_id.' AND GroupId IN ('.$groups.') AND Type = '.$type;
+ $res = $this->Conn->GetOne($sql);
+ if ($res !== false) {
+ $perm_value = $res;
+ break;
+ }
+ }
+
+ $this->Application->setCache('permissions', $cache_key, $perm_value);
+ return $perm_value;
+ }
}
?>
\ No newline at end of file
Index: trunk/core/kernel/db/db_connection.php
===================================================================
diff -u -N -r4758 -r4840
--- trunk/core/kernel/db/db_connection.php (.../db_connection.php) (revision 4758)
+++ trunk/core/kernel/db/db_connection.php (.../db_connection.php) (revision 4840)
@@ -383,19 +383,18 @@
// set 1st checkpoint: begin
$isSkipTable=true;
- $profileSQLs=defined('DBG_SQL_PROFILE')&&DBG_SQL_PROFILE;
+ $profileSQLs=defined('DBG_SQL_PROFILE') && DBG_SQL_PROFILE;
if($profileSQLs)
{
- $isSkipTable=isSkipTable($sql);
- if(!$isSkipTable)
- {
- $queryID=$debugger->generateID();
- $debugger->profileStart('sql_'.$queryID, $debugger->formatSQL($sql) );
+ $isSkipTable = isSkipTable($sql);
+ if (!$isSkipTable) {
+ $queryID = $debugger->generateID();
+ $debugger->profileStart('sql_'.$queryID, $debugger->formatSQL($sql));
}
}
// set 1st checkpoint: end
- $this->queryID = $query_func($sql,$this->connectionID);
+ $this->queryID = $query_func($sql, $this->connectionID);
if( is_resource($this->queryID) )
{