Revize 1743
Přidáno uživatelem Ondřej Fibich před téměř 12 roky(ů)
freenetis/trunk/kohana/application/i18n/cs_CZ/texts.php | ||
---|---|---|
'cannot delete, there are other records depending on this one' => 'Nelze smazat, na položce jsou závislé jiné záznamy',
|
||
'cannot edit, there are other records depending on this one' => 'Nelze upravit, na položce jsou závislé jiné záznamy',
|
||
'cannot delete group - it has at least one children group' => 'Nelze smazat skupinu - má alespoň jednu potomkovskou skupinu.',
|
||
'cannot delete group - this group is protected against deletion' => 'Nelze smazat skupinu - tato skupina je chráněná proti mazání.',
|
||
'cannot enable voip driver, allow `%s` rights for mysql user' => 'Nemohu povolit VoIP ovladač, povolte právo `%s` pro MySQL uživatele',
|
||
'cannot find detail dumps' => 'Nemohu nalézt podrobné výpisy.',
|
||
'cannot load heading of invoice' => 'Nemohu načíst hlavičku faktury',
|
freenetis/trunk/kohana/application/models/aro_group.php | ||
---|---|---|
<?php defined('SYSPATH') or die('No direct script access.');
|
||
/*
|
||
* This file is part of open source system FreenetIS
|
||
* and it is release under GPLv3 licence.
|
||
*
|
||
* More info about licence can be found:
|
||
* http://www.gnu.org/licenses/gpl-3.0.html
|
||
*
|
||
* More info about project can be found:
|
||
* http://www.freenetis.org/
|
||
*
|
||
*/
|
||
|
||
/**
|
||
* Access groups of users represented by tree.
|
||
* Properties lft and rgt are used for left and right walk thought tree.
|
||
*
|
||
* @package Model
|
||
*
|
||
* @property integer $id
|
||
* @property integer $parent_id
|
||
* @property integer $lft
|
||
* @property integer $rgt
|
||
* @property string $name
|
||
* @property string $value
|
||
*/
|
||
class Aro_group_Model extends ORM
|
||
{
|
||
// ARO groups (must correspinds to database) =>
|
||
const ALL = 21;
|
||
const REGULAR_MEMBERS = 22;
|
||
const REGISTERED_APPLICANTS = 23;
|
||
const AUDITING_COMITTEE = 24;
|
||
const EXECUTIVE_COUNSIL = 25;
|
||
const ENGINEERS = 26;
|
||
const ADMINS = 32;
|
||
const USERS = 33;
|
||
const TELEPHONISTS = 44;
|
||
const CHAIRMAN_AND_AGENT = 28;
|
||
const FIRST_DEGREE_CERTIFIED_ENGINEERS = 29;
|
||
const VOIP_ADMINS = 34;
|
||
const SECOND_DEGREE_CERTIFIED_ENGINEERS = 35;
|
||
const THIRD_DEGREE_CERTIFIED_ENGINEERS = 36;
|
||
const FOURTH_DEGREE_CERTIFIED_ENGINEERS = 37;
|
||
const FIFTH_DEGREE_CERTIFIED_ENGINEERS = 38;
|
||
const SIXTH_DEGREE_CERTIFIED_ENGINEERS = 39;
|
||
const SEVENTH_DEGREE_CERTIFIED_ENGINEERS = 40;
|
||
const EIGHTH_DEGREE_CERTIFIED_ENGINEERS = 41;
|
||
const NINETH_DEGREE_CERTIFIED_ENGINEERS = 42;
|
||
const TENTH_DEGREE_CERTIFIED_ENGINEERS = 43;
|
||
// <= ARO groups
|
||
|
||
/**
|
||
* Cleans ARO group - deletes all ARO objects
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $group_id
|
||
*/
|
||
public function clean_group ($group_id = NULL)
|
||
{
|
||
if (!$group_id)
|
||
$group_id = $this->id;
|
||
|
||
$this->db->query("
|
||
DELETE FROM groups_aro_map
|
||
WHERE group_id = ?
|
||
", $group_id);
|
||
}
|
||
|
||
/**
|
||
* Counts all childrens of given group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $parent_id
|
||
* @return integer
|
||
*/
|
||
public function count_childrens ($parent_id = NULL)
|
||
{
|
||
if (!$parent_id)
|
||
$parent_id = $this->id;
|
||
|
||
$result = $this->db->query("
|
||
SELECT COUNT(*) AS count
|
||
FROM aro_groups ag
|
||
WHERE parent_id = ?
|
||
", $parent_id);
|
||
|
||
if ($result && $result->current())
|
||
return $result->current ()->count;
|
||
else
|
||
return 0;
|
||
}
|
||
|
||
/**
|
||
* Gets count of parents
|
||
* @param integer $id
|
||
* @return integer
|
||
*/
|
||
public static function count_parent($id)
|
||
{
|
||
$aro_group_model = new Aro_group_Model();
|
||
|
||
$parents = $aro_group_model->get_parent_id_by_id($id);
|
||
|
||
if ($parents->count())
|
||
{
|
||
return (1 + self::count_parent($parents->current()->parent_id));
|
||
}
|
||
|
||
return 0;
|
||
}
|
||
|
||
/**
|
||
* Decreases lft and rgt values (to delete group)
|
||
*
|
||
* @author Michal Kliment
|
||
* @param type $lft
|
||
* @param type $decrease
|
||
*/
|
||
public function decrease($lft, $decrease = 2)
|
||
{
|
||
$this->db->query("
|
||
UPDATE aro_groups
|
||
SET lft = lft - ".intval($decrease)."
|
||
WHERE lft >= ?
|
||
", array($lft));
|
||
|
||
$this->db->query("
|
||
UPDATE aro_groups
|
||
SET rgt = rgt - ".intval($decrease)."
|
||
WHERE rgt >= ?
|
||
", array($lft));
|
||
}
|
||
|
||
/**
|
||
* Returns all ACLs rule belongs to ARO group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param type $group_id
|
||
* @return type
|
||
*/
|
||
public function get_acls ($group_id = NULL)
|
||
{
|
||
// group parameter is not required
|
||
if (!$group_id)
|
||
$group_id = $this->id;
|
||
|
||
return $this->db->query("
|
||
SELECT acl.*
|
||
FROM acl
|
||
JOIN aro_groups_map rgm ON rgm.acl_id = acl.id
|
||
WHERE rgm.group_id = ?
|
||
", $group_id);
|
||
}
|
||
|
||
/**
|
||
* Gets all
|
||
* @return Mysql_Result
|
||
*/
|
||
public function get_all_values()
|
||
{
|
||
return $this->db->query("
|
||
SELECT * FROM aro_groups
|
||
");
|
||
}
|
||
|
||
/**
|
||
* Gets aro groups by fk_id and type
|
||
* @return Mysql_Result
|
||
*/
|
||
public function get_aro_groups_by_fk_id($fk_id, $type)
|
||
{
|
||
return $this->db->query("
|
||
SELECT a.* FROM votes v
|
||
LEFT JOIN aro_groups a ON v.aro_group_id = a.id
|
||
WHERE v.fk_id = ? AND v.type = ?
|
||
GROUP BY v.aro_group_id
|
||
ORDER BY v.priority
|
||
", array($fk_id, $type));
|
||
}
|
||
|
||
/**
|
||
* Returns all ARO objects belongs to given group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $group_id
|
||
* @return MySQL Result
|
||
*/
|
||
public function get_aros ($group_id = NULL)
|
||
{
|
||
if (!$group_id)
|
||
$group_id = $this->id;
|
||
|
||
return $this->db->query("
|
||
SELECT u.id, CONCAT(u.surname,' ',u.name) AS user_name, u.login
|
||
FROM groups_aro_map grm
|
||
JOIN users u ON grm.aro_id = u.id
|
||
WHERE group_id = ?
|
||
", $group_id);
|
||
}
|
||
|
||
/**
|
||
* Get all with ID
|
||
* @param integer $id
|
||
* @return Mysql_Result
|
||
*/
|
||
public function get_by_id($id)
|
||
{
|
||
return $this->db->query("
|
||
SELECT *
|
||
FROM aro_groups
|
||
WHERE id=?
|
||
", array($id));
|
||
}
|
||
|
||
/**
|
||
* Returns info about ranges of children of group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $parent_id
|
||
* @return MySQL Result
|
||
*/
|
||
public function get_childrens_ranges($parent_id = NULL)
|
||
{
|
||
if (!$parent_id)
|
||
$parent_id = $this->id;
|
||
|
||
return $this->db->query("
|
||
SELECT
|
||
MIN(lft) AS lft, MAX(rgt) AS rgt
|
||
FROM
|
||
aro_groups ag
|
||
WHERE parent_id = ?
|
||
", $parent_id)->current();
|
||
}
|
||
|
||
/**
|
||
* Returns parent of given ARO group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $group_id
|
||
* @return MySQL Result
|
||
*/
|
||
public function get_parent($group_id = NULL)
|
||
{
|
||
if (!$group_id)
|
||
$group_id = $this->id;
|
||
|
||
return $this->db->query("
|
||
SELECT pag.*
|
||
FROM aro_groups ag
|
||
LEFT JOIN aro_groups pag ON ag.parent_id = pag.id
|
||
WHERE ag.id = ?
|
||
", $group_id)->current();
|
||
}
|
||
|
||
/**
|
||
* Get parent id
|
||
* @param integer $id
|
||
* @return Mysql_Result
|
||
*/
|
||
public function get_parent_id_by_id($id)
|
||
{
|
||
return $this->db->query("
|
||
SELECT parent_id
|
||
FROM aro_groups
|
||
WHERE id=?
|
||
", array($id));
|
||
}
|
||
|
||
/**
|
||
* Gets all by tree walk
|
||
* @return Mysql_Result
|
||
*/
|
||
public function get_traverz_tree()
|
||
{
|
||
return $this->db->query("
|
||
SELECT id, name, lft, parent_id, rgt, value
|
||
FROM aro_groups
|
||
ORDER BY lft
|
||
");
|
||
}
|
||
|
||
/**
|
||
* Increases lft and rgt values (to insert new group)
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $rgt
|
||
* @param integer $increase
|
||
*/
|
||
public function increase($rgt, $increase = 2)
|
||
{
|
||
$this->db->query("
|
||
UPDATE aro_groups
|
||
SET lft = lft + ".intval($increase)."
|
||
WHERE lft >= ?
|
||
", array($rgt));
|
||
|
||
$this->db->query("
|
||
UPDATE aro_groups
|
||
SET rgt = rgt + ".intval($increase)."
|
||
WHERE rgt >= ?
|
||
", array($rgt));
|
||
}
|
||
|
||
/**
|
||
* Inserts given AROs to given ARO group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param array $aros
|
||
* @param integer $group_id
|
||
*/
|
||
public function insert_aro($aros = array(), $group_id = NULL)
|
||
{
|
||
if (!$group_id)
|
||
$group_id = $this->id;
|
||
|
||
$sql_insert = "INSERT INTO groups_aro_map (group_id, aro_id) VALUES ";
|
||
|
||
$values = array();
|
||
foreach ($aros as $aro)
|
||
$values[] = "($group_id, $aro)";
|
||
|
||
if (count($values))
|
||
{
|
||
$sql_insert .= implode(',', $values);
|
||
$this->db->query($sql_insert);
|
||
}
|
||
}
|
||
|
||
}
|
||
<?php defined('SYSPATH') or die('No direct script access.');
|
||
/*
|
||
* This file is part of open source system FreenetIS
|
||
* and it is release under GPLv3 licence.
|
||
*
|
||
* More info about licence can be found:
|
||
* http://www.gnu.org/licenses/gpl-3.0.html
|
||
*
|
||
* More info about project can be found:
|
||
* http://www.freenetis.org/
|
||
*
|
||
*/
|
||
|
||
/**
|
||
* Access groups of users represented by tree.
|
||
* Properties lft and rgt are used for left and right walk thought tree.
|
||
*
|
||
* @package Model
|
||
*
|
||
* @property integer $id
|
||
* @property integer $parent_id
|
||
* @property integer $lft
|
||
* @property integer $rgt
|
||
* @property string $name
|
||
* @property string $value
|
||
*/
|
||
class Aro_group_Model extends ORM
|
||
{
|
||
// ARO groups (must corresponds to database) =>
|
||
const ALL = 21;
|
||
const REGULAR_MEMBERS = 22;
|
||
const REGISTERED_APPLICANTS = 23;
|
||
const ADMINS = 32;
|
||
const TELEPHONISTS = 44;
|
||
// <= ARO groups
|
||
|
||
/**
|
||
* Is given ARO group deletable?
|
||
* If no ARO group given, current (this) ARO group is checked.
|
||
*
|
||
* @author Ondřej Fibich
|
||
* @param integer $aro_group_id [optional]
|
||
* @return boolean
|
||
*/
|
||
public function is_deletable($aro_group_id = NULL)
|
||
{
|
||
if ($aro_group_id === NULL && $this)
|
||
{
|
||
$aro_group_id = $this->id;
|
||
}
|
||
|
||
return (
|
||
$aro_group_id != self::ALL &&
|
||
$aro_group_id != self::REGULAR_MEMBERS &&
|
||
$aro_group_id != self::REGISTERED_APPLICANTS &&
|
||
$aro_group_id != self::ADMINS &&
|
||
$aro_group_id != self::TELEPHONISTS
|
||
);
|
||
}
|
||
|
||
|
||
/**
|
||
* Cleans ARO group - deletes all ARO objects
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $group_id
|
||
*/
|
||
public function clean_group ($group_id = NULL)
|
||
{
|
||
if (!$group_id)
|
||
$group_id = $this->id;
|
||
|
||
$this->db->query("
|
||
DELETE FROM groups_aro_map
|
||
WHERE group_id = ?
|
||
", $group_id);
|
||
}
|
||
|
||
/**
|
||
* Counts all childrens of given group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $parent_id
|
||
* @return integer
|
||
*/
|
||
public function count_childrens ($parent_id = NULL)
|
||
{
|
||
if (!$parent_id)
|
||
$parent_id = $this->id;
|
||
|
||
$result = $this->db->query("
|
||
SELECT COUNT(*) AS count
|
||
FROM aro_groups ag
|
||
WHERE parent_id = ?
|
||
", $parent_id);
|
||
|
||
if ($result && $result->current())
|
||
return $result->current ()->count;
|
||
else
|
||
return 0;
|
||
}
|
||
|
||
/**
|
||
* Gets count of parents
|
||
* @param integer $id
|
||
* @return integer
|
||
*/
|
||
public static function count_parent($id)
|
||
{
|
||
$aro_group_model = new Aro_group_Model();
|
||
|
||
$parents = $aro_group_model->get_parent_id_by_id($id);
|
||
|
||
if ($parents->count())
|
||
{
|
||
return (1 + self::count_parent($parents->current()->parent_id));
|
||
}
|
||
|
||
return 0;
|
||
}
|
||
|
||
/**
|
||
* Decreases lft and rgt values (to delete group)
|
||
*
|
||
* @author Michal Kliment
|
||
* @param type $lft
|
||
* @param type $decrease
|
||
*/
|
||
public function decrease($lft, $decrease = 2)
|
||
{
|
||
$this->db->query("
|
||
UPDATE aro_groups
|
||
SET lft = lft - ".intval($decrease)."
|
||
WHERE lft >= ?
|
||
", array($lft));
|
||
|
||
$this->db->query("
|
||
UPDATE aro_groups
|
||
SET rgt = rgt - ".intval($decrease)."
|
||
WHERE rgt >= ?
|
||
", array($lft));
|
||
}
|
||
|
||
/**
|
||
* Returns all ACLs rule belongs to ARO group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param type $group_id
|
||
* @return type
|
||
*/
|
||
public function get_acls ($group_id = NULL)
|
||
{
|
||
// group parameter is not required
|
||
if (!$group_id)
|
||
$group_id = $this->id;
|
||
|
||
return $this->db->query("
|
||
SELECT acl.*
|
||
FROM acl
|
||
JOIN aro_groups_map rgm ON rgm.acl_id = acl.id
|
||
WHERE rgm.group_id = ?
|
||
", $group_id);
|
||
}
|
||
|
||
/**
|
||
* Gets all
|
||
* @return Mysql_Result
|
||
*/
|
||
public function get_all_values()
|
||
{
|
||
return $this->db->query("
|
||
SELECT * FROM aro_groups
|
||
");
|
||
}
|
||
|
||
/**
|
||
* Gets aro groups by fk_id and type
|
||
* @return Mysql_Result
|
||
*/
|
||
public function get_aro_groups_by_fk_id($fk_id, $type)
|
||
{
|
||
return $this->db->query("
|
||
SELECT a.* FROM votes v
|
||
LEFT JOIN aro_groups a ON v.aro_group_id = a.id
|
||
WHERE v.fk_id = ? AND v.type = ?
|
||
GROUP BY v.aro_group_id
|
||
ORDER BY v.priority
|
||
", array($fk_id, $type));
|
||
}
|
||
|
||
/**
|
||
* Returns all ARO objects belongs to given group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $group_id
|
||
* @return MySQL Result
|
||
*/
|
||
public function get_aros ($group_id = NULL)
|
||
{
|
||
if (!$group_id)
|
||
$group_id = $this->id;
|
||
|
||
return $this->db->query("
|
||
SELECT u.id, CONCAT(u.surname,' ',u.name) AS user_name, u.login
|
||
FROM groups_aro_map grm
|
||
JOIN users u ON grm.aro_id = u.id
|
||
WHERE group_id = ?
|
||
", $group_id);
|
||
}
|
||
|
||
/**
|
||
* Get all with ID
|
||
* @param integer $id
|
||
* @return Mysql_Result
|
||
*/
|
||
public function get_by_id($id)
|
||
{
|
||
return $this->db->query("
|
||
SELECT *
|
||
FROM aro_groups
|
||
WHERE id=?
|
||
", array($id));
|
||
}
|
||
|
||
/**
|
||
* Returns info about ranges of children of group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $parent_id
|
||
* @return MySQL Result
|
||
*/
|
||
public function get_childrens_ranges($parent_id = NULL)
|
||
{
|
||
if (!$parent_id)
|
||
$parent_id = $this->id;
|
||
|
||
return $this->db->query("
|
||
SELECT
|
||
MIN(lft) AS lft, MAX(rgt) AS rgt
|
||
FROM
|
||
aro_groups ag
|
||
WHERE parent_id = ?
|
||
", $parent_id)->current();
|
||
}
|
||
|
||
/**
|
||
* Returns parent of given ARO group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $group_id
|
||
* @return MySQL Result
|
||
*/
|
||
public function get_parent($group_id = NULL)
|
||
{
|
||
if (!$group_id)
|
||
$group_id = $this->id;
|
||
|
||
return $this->db->query("
|
||
SELECT pag.*
|
||
FROM aro_groups ag
|
||
LEFT JOIN aro_groups pag ON ag.parent_id = pag.id
|
||
WHERE ag.id = ?
|
||
", $group_id)->current();
|
||
}
|
||
|
||
/**
|
||
* Get parent id
|
||
* @param integer $id
|
||
* @return Mysql_Result
|
||
*/
|
||
public function get_parent_id_by_id($id)
|
||
{
|
||
return $this->db->query("
|
||
SELECT parent_id
|
||
FROM aro_groups
|
||
WHERE id=?
|
||
", array($id));
|
||
}
|
||
|
||
/**
|
||
* Gets all by tree walk
|
||
* @return Mysql_Result
|
||
*/
|
||
public function get_traverz_tree()
|
||
{
|
||
return $this->db->query("
|
||
SELECT id, name, lft, parent_id, rgt, value
|
||
FROM aro_groups
|
||
ORDER BY lft
|
||
");
|
||
}
|
||
|
||
/**
|
||
* Increases lft and rgt values (to insert new group)
|
||
*
|
||
* @author Michal Kliment
|
||
* @param integer $rgt
|
||
* @param integer $increase
|
||
*/
|
||
public function increase($rgt, $increase = 2)
|
||
{
|
||
$this->db->query("
|
||
UPDATE aro_groups
|
||
SET lft = lft + ".intval($increase)."
|
||
WHERE lft >= ?
|
||
", array($rgt));
|
||
|
||
$this->db->query("
|
||
UPDATE aro_groups
|
||
SET rgt = rgt + ".intval($increase)."
|
||
WHERE rgt >= ?
|
||
", array($rgt));
|
||
}
|
||
|
||
/**
|
||
* Inserts given AROs to given ARO group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param array $aros
|
||
* @param integer $group_id
|
||
*/
|
||
public function insert_aro($aros = array(), $group_id = NULL)
|
||
{
|
||
if (!$group_id)
|
||
$group_id = $this->id;
|
||
|
||
$group_id = intval($group_id);
|
||
|
||
$sql_insert = "INSERT INTO groups_aro_map (group_id, aro_id) VALUES ";
|
||
|
||
$values = array();
|
||
foreach ($aros as $aro)
|
||
$values[] = "($group_id, " . intval($aro) . ")";
|
||
|
||
if (count($values))
|
||
{
|
||
$sql_insert .= implode(',', $values);
|
||
$this->db->query($sql_insert);
|
||
}
|
||
}
|
||
|
||
}
|
freenetis/trunk/kohana/application/models/acl.php | ||
---|---|---|
if (!$acl_id)
|
||
$acl_id = $this->id;
|
||
|
||
$acl_id = intval($acl_id);
|
||
$sql_insert = "INSERT INTO aco_map (acl_id, value) VALUES ";
|
||
|
||
$values = array();
|
||
foreach ($acos as $aco)
|
||
$values[] = "($acl_id, '$aco')";
|
||
$values[] = "($acl_id, " . $this->db->escape($aco) . ")";
|
||
|
||
if (count($values))
|
||
{
|
||
... | ... | |
if (!$acl_id)
|
||
$acl_id = $this->id;
|
||
|
||
$acl_id = intval($acl_id);
|
||
$sql_insert = "INSERT INTO aro_groups_map (acl_id, group_id) VALUES ";
|
||
|
||
$values = array();
|
||
foreach ($aro_groups as $aro_group)
|
||
$values[] = "($acl_id, '$aro_group')";
|
||
$values[] = "($acl_id, " . $this->db->escape($aro_group) . ")";
|
||
|
||
if (count($values))
|
||
{
|
||
... | ... | |
if (!$acl_id)
|
||
$acl_id = $this->id;
|
||
|
||
$acl_id = intval($acl_id);
|
||
$sql_insert = "INSERT INTO axo_map (acl_id, section_value, value) VALUES ";
|
||
|
||
$values = array();
|
||
foreach ($axos as $axo)
|
||
$values[] = "($acl_id, '".$axo['section_value']."', '".$axo['value']."')";
|
||
$values[] = "($acl_id, " . $this->db->escape($axo['section_value'])
|
||
. ", " . $this->db->escape($axo['value']) . ")";
|
||
|
||
if (count($values))
|
||
{
|
freenetis/trunk/kohana/application/models/groups_aro_map.php | ||
---|---|---|
<?php defined('SYSPATH') or die('No direct script access.');
|
||
/*
|
||
* This file is part of open source system FreenetIS
|
||
* and it is released under GPLv3 licence.
|
||
*
|
||
* More info about licence can be found:
|
||
* http://www.gnu.org/licenses/gpl-3.0.html
|
||
*
|
||
* More info about project can be found:
|
||
* http://www.freenetis.org/
|
||
*
|
||
*/
|
||
|
||
/**
|
||
* Pivot table between ARO map and user.
|
||
* Interaction between user and access system.
|
||
*
|
||
* @author Ondřej Fibich
|
||
* @package Model
|
||
*
|
||
* @property integer $group_id
|
||
* @property integer $aro_id
|
||
*/
|
||
class Groups_aro_map_Model extends ORM
|
||
{
|
||
/**
|
||
* Table name is groups_aro_map not groups_aro_maps
|
||
*
|
||
* @var bool
|
||
*/
|
||
protected $table_names_plural = FALSE;
|
||
|
||
/**
|
||
* Check access of user to part of system.
|
||
*
|
||
* Be wery carefull with editing of this method, whole system can be
|
||
* damaged by impropriate edit!
|
||
*
|
||
* I have tried to different method of fetching data,
|
||
* and for each I have made benchmarks using unit tester
|
||
* throught all controllers.
|
||
*
|
||
* 1) DB query for each access rights
|
||
* AVG Results: 0,3187821622s 6,4278378378MB
|
||
*
|
||
* 2) DB query for all user's rights cached after first of his access request
|
||
* AVG Results: 0,3484608815s 6,4987052342MB
|
||
*
|
||
* The first method seems to be better, so here it is :-)
|
||
*
|
||
* @author Ondřej Fibich
|
||
* @staticvar array $cache Cache of access
|
||
* @param integer $user_id User to check access
|
||
* @param string $aco_value ACO value - action (view_all, new_own, ...)
|
||
* @param string $axo_section_value AXO section value - Controller name
|
||
* @param string $axo_value AXO value - part of Controller
|
||
* @return boolean Has this user access to this part of system?
|
||
*/
|
||
public function has_access(
|
||
$user_id, $aco_value, $axo_section_value, $axo_value)
|
||
{
|
||
// Cahce
|
||
static $cache = array();
|
||
|
||
// Cache key
|
||
$key = "$user_id#$aco_value#$axo_section_value#$axo_value";
|
||
|
||
// Is in cache?
|
||
if (!array_key_exists($key, $cache))
|
||
{
|
||
// Check and add to cache
|
||
$cache[$key] = $this->db->query("
|
||
SELECT COUNT(*) AS count
|
||
FROM groups_aro_map
|
||
LEFT JOIN aro_groups ON aro_groups.id = groups_aro_map.group_id
|
||
LEFT JOIN aro_groups_map ON aro_groups_map.group_id = aro_groups.id
|
||
LEFT JOIN acl ON acl.id = aro_groups_map.acl_id
|
||
LEFT JOIN aco_map ON aco_map.acl_id = acl.id
|
||
LEFT JOIN aco ON aco.value = aco_map.value
|
||
LEFT JOIN axo_map ON axo_map.acl_id = acl.id
|
||
WHERE groups_aro_map.aro_id = ? AND
|
||
aco.value = ? AND
|
||
axo_map.section_value = ? AND
|
||
axo_map.value = ?
|
||
", array
|
||
(
|
||
$user_id, $aco_value, $axo_section_value, $axo_value
|
||
))->current()->count > 0;
|
||
}
|
||
|
||
// Return access info
|
||
return $cache[$key];
|
||
}
|
||
|
||
/**
|
||
* Checks if aro map row exists
|
||
*
|
||
* @author Ondřej Fibich
|
||
* @param integer $group_id ARO group ID
|
||
* @param integer $aro_id User ID
|
||
* @return boolean true if exists false otherwise
|
||
*/
|
||
public function groups_aro_map_exists($group_id, $aro_id)
|
||
{
|
||
return $this->db->query("
|
||
SELECT COUNT(*) AS count
|
||
FROM groups_aro_map
|
||
WHERE group_id = ? AND aro_id = ?
|
||
", array
|
||
(
|
||
$group_id, $aro_id
|
||
))->current()->count > 0;
|
||
}
|
||
|
||
/**
|
||
* Deletes user wights from diven group
|
||
*
|
||
* @param integer $group_id Group ID
|
||
* @param integer $aro_id User ID
|
||
*/
|
||
public function detete_row($group_id, $aro_id)
|
||
{
|
||
$this->db->query("
|
||
DELETE FROM groups_aro_map
|
||
WHERE group_id=? AND aro_id=?
|
||
", $group_id, $aro_id);
|
||
}
|
||
|
||
/**
|
||
* Check if users is in given group
|
||
*
|
||
* @param integer $group_id Group ID
|
||
* @param integer $aro_id User ID
|
||
*/
|
||
public function exist_row($group_id, $aro_id)
|
||
{
|
||
$result = $this->db->query("
|
||
SELECT group_id
|
||
FROM groups_aro_map
|
||
WHERE group_id=? AND aro_id=?
|
||
", $group_id, $aro_id);
|
||
|
||
return $result && $result->count() > 0;
|
||
}
|
||
|
||
/**
|
||
* Counts number of users in given group
|
||
*
|
||
* @param integer $group_id
|
||
* @return integer
|
||
*/
|
||
public function count_rows_by_group_id($group_id)
|
||
{
|
||
return $this->db->query("
|
||
SELECT COUNT(*) AS count
|
||
FROM groups_aro_map where group_id=?
|
||
", $group_id)->current()->count;
|
||
}
|
||
|
||
/**
|
||
* Function to get all users belongs to group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param int $group_id
|
||
* @return Mysql_Result object
|
||
*/
|
||
public function get_all_users_by_group_id($group_id)
|
||
{
|
||
return $this->db->query("
|
||
SELECT u.* FROM groups_aro_map g
|
||
LEFT JOIN users u ON g.aro_id = u.id
|
||
WHERE g.group_id = ?
|
||
", $group_id);
|
||
}
|
||
|
||
}
|
||
<?php defined('SYSPATH') or die('No direct script access.');
|
||
/*
|
||
* This file is part of open source system FreenetIS
|
||
* and it is released under GPLv3 licence.
|
||
*
|
||
* More info about licence can be found:
|
||
* http://www.gnu.org/licenses/gpl-3.0.html
|
||
*
|
||
* More info about project can be found:
|
||
* http://www.freenetis.org/
|
||
*
|
||
*/
|
||
|
||
/**
|
||
* Pivot table between ARO map and user.
|
||
* Interaction between user and access system.
|
||
*
|
||
* @author Ondřej Fibich
|
||
* @package Model
|
||
*
|
||
* @property integer $group_id
|
||
* @property integer $aro_id
|
||
*/
|
||
class Groups_aro_map_Model extends ORM
|
||
{
|
||
/**
|
||
* Table name is groups_aro_map not groups_aro_maps
|
||
*
|
||
* @var bool
|
||
*/
|
||
protected $table_names_plural = FALSE;
|
||
|
||
/**
|
||
* Check access of user to part of system.
|
||
*
|
||
* Be wery carefull with editing of this method, whole system can be
|
||
* damaged by impropriate edit!
|
||
*
|
||
* I have tried to different method of fetching data,
|
||
* and for each I have made benchmarks using unit tester
|
||
* throught all controllers.
|
||
*
|
||
* 1) DB query for each access rights
|
||
* AVG Results: 0,3187821622s 6,4278378378MB
|
||
*
|
||
* 2) DB query for all user's rights cached after first of his access request
|
||
* AVG Results: 0,3484608815s 6,4987052342MB
|
||
*
|
||
* The first method seems to be better, so here it is :-)
|
||
*
|
||
* @author Ondřej Fibich
|
||
* @staticvar array $cache Cache of access
|
||
* @staticvar array $cache_aro_user Cache of ACL parent tree
|
||
* @staticvar array $cache_aro_hierarchy Cache of ACL parent tree
|
||
* @param integer $user_id User to check access
|
||
* @param string $aco_value ACO value - action (view_all, new_own, ...)
|
||
* @param string $axo_section_value AXO section value - Controller name
|
||
* @param string $axo_value AXO value - part of Controller
|
||
* @return boolean Has this user access to this part of system?
|
||
*/
|
||
public function has_access(
|
||
$user_id, $aco_value, $axo_section_value, $axo_value)
|
||
{
|
||
// Cache
|
||
static $cache = array();
|
||
static $cache_aro_hierarchy = NULL;
|
||
static $cache_aro_user = array();
|
||
|
||
// This codes calculates all predecesors of ARO group for hieararchy of
|
||
// access rights.
|
||
if ($cache_aro_hierarchy === NULL)
|
||
{
|
||
////////////////////////////////////////////////////////////////////////////////
|
||
// // Debug for testing (benchmark)
|
||
// $start_time = microtime();
|
||
////////////////////////////////////////////////////////////////////////////////
|
||
|
||
// Gets all groups id with relation to parent
|
||
$aro_groups = ORM::factory('aro_group')->select_list('id', 'parent_id', 'id');
|
||
// Go throught groupd
|
||
foreach ($aro_groups as $i => $v)
|
||
{
|
||
// Final set of all parents (recursive) of group
|
||
$final_set = array($i);
|
||
// Stack for recursive walk throught groups
|
||
$stack = ($v == 0) ? array() : array($v);
|
||
// Go recursive throught parents
|
||
while (($top = array_pop($stack)) !== NULL)
|
||
{
|
||
// End of tree?
|
||
if ($aro_groups[$top] != 0)
|
||
{
|
||
// Add parents to stack
|
||
array_push($stack, $aro_groups[$top]);
|
||
// Add current to final set
|
||
$final_set[] = $top;
|
||
}
|
||
}
|
||
// Add to cache
|
||
$cache_aro_hierarchy[$i] = array_unique($final_set);
|
||
}
|
||
|
||
////////////////////////////////////////////////////////////////////////////////
|
||
// // Debug for testing
|
||
//
|
||
// $diff = microtime() - $start_time;
|
||
// echo 'It tooks: ' . $diff . 'ms <br>';
|
||
//
|
||
// foreach ($cache_acl as $i => $v)
|
||
// {
|
||
// echo '<b>' . ORM::factory('aro_group', $i)->name . '</b>: ';
|
||
// sort($v);
|
||
//
|
||
// foreach ($v as $id)
|
||
// {
|
||
// echo ORM::factory('aro_group', $id)->name . ', ';
|
||
// }
|
||
//
|
||
// echo "<br><br>";
|
||
// }
|
||
//
|
||
// die();
|
||
////////////////////////////////////////////////////////////////////////////////
|
||
}
|
||
|
||
// Cache key
|
||
$key = "$user_id#$aco_value#$axo_section_value#$axo_value";
|
||
|
||
// Is in cache?
|
||
if (!array_key_exists($key, $cache))
|
||
{
|
||
// Fill in user cache?
|
||
if (!array_key_exists($user_id, $cache_aro_user))
|
||
{
|
||
// Get all ARO groups of user
|
||
$user_in_groups = $this->where('aro_id', $user_id)
|
||
->select_list('group_id', 'aro_id');
|
||
// Set cache
|
||
$cache_aro_user[$user_id] = array();
|
||
// Add all parents for users group and set it to cache
|
||
foreach ($user_in_groups as $group_id => $aro_id)
|
||
{
|
||
$cache_aro_user[$user_id] = array_merge(
|
||
$cache_aro_user[$user_id],
|
||
$cache_aro_hierarchy[$group_id]
|
||
);
|
||
}
|
||
// Discart not unique values
|
||
$cache_aro_user[$user_id] = array_unique($cache_aro_user[$user_id]);
|
||
}
|
||
|
||
// Is user in any group?
|
||
if (count($cache_aro_user[$user_id]))
|
||
{
|
||
// Check and add to cache
|
||
$cache[$key] = $this->db->query("
|
||
SELECT COUNT(*) AS count
|
||
FROM aro_groups
|
||
LEFT JOIN aro_groups_map ON aro_groups_map.group_id = aro_groups.id
|
||
LEFT JOIN acl ON acl.id = aro_groups_map.acl_id
|
||
LEFT JOIN aco_map ON aco_map.acl_id = acl.id
|
||
LEFT JOIN aco ON aco.value = aco_map.value
|
||
LEFT JOIN axo_map ON axo_map.acl_id = acl.id
|
||
WHERE aro_groups.id IN(" . implode(',', $cache_aro_user[$user_id]) . ") AND
|
||
aco.value = ? AND
|
||
axo_map.section_value = ? AND
|
||
axo_map.value = ?
|
||
", array
|
||
(
|
||
$aco_value, $axo_section_value, $axo_value
|
||
))->current()->count > 0;
|
||
}
|
||
// No group, no access :-)
|
||
else
|
||
{
|
||
$cache[$key] = FALSE;
|
||
}
|
||
}
|
||
|
||
// Return access info
|
||
return $cache[$key];
|
||
}
|
||
|
||
/**
|
||
* Checks if aro map row exists
|
||
*
|
||
* @author Ondřej Fibich
|
||
* @param integer $group_id ARO group ID
|
||
* @param integer $aro_id User ID
|
||
* @return boolean true if exists false otherwise
|
||
*/
|
||
public function groups_aro_map_exists($group_id, $aro_id)
|
||
{
|
||
return $this->db->query("
|
||
SELECT COUNT(*) AS count
|
||
FROM groups_aro_map
|
||
WHERE group_id = ? AND aro_id = ?
|
||
", array
|
||
(
|
||
$group_id, $aro_id
|
||
))->current()->count > 0;
|
||
}
|
||
|
||
/**
|
||
* Deletes user wights from diven group
|
||
*
|
||
* @param integer $group_id Group ID
|
||
* @param integer $aro_id User ID
|
||
*/
|
||
public function detete_row($group_id, $aro_id)
|
||
{
|
||
$this->db->query("
|
||
DELETE FROM groups_aro_map
|
||
WHERE group_id=? AND aro_id=?
|
||
", $group_id, $aro_id);
|
||
}
|
||
|
||
/**
|
||
* Check if users is in given group
|
||
*
|
||
* @param integer $group_id Group ID
|
||
* @param integer $aro_id User ID
|
||
*/
|
||
public function exist_row($group_id, $aro_id)
|
||
{
|
||
$result = $this->db->query("
|
||
SELECT group_id
|
||
FROM groups_aro_map
|
||
WHERE group_id=? AND aro_id=?
|
||
", $group_id, $aro_id);
|
||
|
||
return $result && $result->count() > 0;
|
||
}
|
||
|
||
/**
|
||
* Counts number of users in given group
|
||
*
|
||
* @param integer $group_id
|
||
* @return integer
|
||
*/
|
||
public function count_rows_by_group_id($group_id)
|
||
{
|
||
return $this->db->query("
|
||
SELECT COUNT(*) AS count
|
||
FROM groups_aro_map where group_id=?
|
||
", $group_id)->current()->count;
|
||
}
|
||
|
||
/**
|
||
* Function to get all users belongs to group
|
||
*
|
||
* @author Michal Kliment
|
||
* @param int $group_id
|
||
* @return Mysql_Result object
|
||
*/
|
||
public function get_all_users_by_group_id($group_id)
|
||
{
|
||
return $this->db->query("
|
||
SELECT u.* FROM groups_aro_map g
|
||
LEFT JOIN users u ON g.aro_id = u.id
|
||
WHERE g.group_id = ?
|
||
", $group_id);
|
||
}
|
||
|
||
}
|
freenetis/trunk/kohana/application/controllers/aro_groups.php | ||
---|---|---|
|
||
$count = $model_groups_aro_map->count_rows_by_group_id($group->id);
|
||
|
||
if ($group->id == 21)
|
||
if ($group->id == Aro_group_Model::ALL)
|
||
{
|
||
$rows[$i + 1] = '<tr><td style="width:400px">'
|
||
. $ret . __('' . $group->name)
|
||
... | ... | |
Controller::error(RECORD);
|
||
|
||
// cannot delete group with some childrens
|
||
if (!$group->is_deletable())
|
||
{
|
||
status::warning('Cannot delete group - this group is protected against deletion');
|
||
url::redirect('aro_groups/show_all');
|
||
}
|
||
|
||
// cannot delete group with some childrens
|
||
if ($group->count_childrens())
|
||
{
|
||
status::warning('Cannot delete group - it has at least one children group');
|
||
url::redirect('access_rights/show_groups');
|
||
url::redirect('aro_groups/show_all');
|
||
}
|
||
|
||
$group->transaction_start();
|
Také k dispozici: Unified diff
Opravy:
- SQL injections v ACL a ARO
- fixes #377: Naktere pristupove skupiny uzivateu by nemely byt mazatelne
- fixes #378: Pristupova prava nededi z rodice