1: <?php
2: /**
3: * The Horde_Perms_Base class provides the Horde permissions system.
4: *
5: * Copyright 2001-2012 Horde LLC (http://www.horde.org/)
6: *
7: * See the enclosed file COPYING for license information (LGPL). If you
8: * did not receive this file, see http://www.horde.org/licenses/lgpl21.
9: *
10: * @author Chuck Hagenbuch <chuck@horde.org>
11: * @author Jan Schneider <jan@horde.org>
12: * @category Horde
13: * @package Perms
14: */
15: abstract class Horde_Perms_Base
16: {
17: /**
18: * Cache object.
19: *
20: * @var Horde_Cache
21: */
22: protected $_cache;
23:
24: /**
25: * Logger.
26: *
27: * @var Horde_Log_Logger
28: */
29: protected $_logger;
30:
31: /**
32: * Constructor.
33: *
34: * @param array $params Configuration parameters:
35: * <pre>
36: * 'cache' - (Horde_Cache) The object to use to cache perms.
37: * 'logger' - (Horde_Log_Logger) A logger object.
38: * </pre>
39: *
40: * @throws Horde_Perms_Exception
41: */
42: public function __construct($params = array())
43: {
44: if (isset($params['cache'])) {
45: $this->_cache = $params['cache'];
46: }
47:
48: if (isset($params['logger'])) {
49: $this->_logger = $params['logger'];
50: }
51: }
52:
53: /**
54: * Returns the short name of an object, the last portion of the full name.
55: *
56: * @param string $name The name of the object.
57: *
58: * @return string The object's short name.
59: */
60: public function getShortName($name)
61: {
62: /* If there are several components to the name, explode and
63: * get the last one, otherwise just return the name. */
64: if (strpos($name, ':') !== false) {
65: $tmp = explode(':', $name);
66: return array_pop($tmp);
67: }
68:
69: return $name;
70: }
71:
72: /**
73: * Returns a new permissions object.
74: *
75: * @param string $name The permission's name.
76: * @param string $type The permission type.
77: * @param array $params The permission parameters.
78: *
79: * @return Horde_Perms_Permission A new permissions object.
80: * @throws Horde_Perms_Exception
81: */
82: abstract public function newPermission($name, $type = 'matrix', $params = null);
83:
84: /**
85: * Returns an object corresponding to the named permission, with the users
86: * and other data retrieved appropriately.
87: *
88: * @param string $name The name of the permission to retrieve.
89: *
90: * @return Horde_Perms_Permission A permissions object.
91: * @throws Horde_Perms_Exception
92: */
93: abstract public function getPermission($name);
94:
95: /**
96: * Returns an object corresponding to the given unique ID, with the users
97: * and other data retrieved appropriately.
98: *
99: * @param integer $cid The unique ID of the permission to retrieve.
100: *
101: * @return Horde_Perms_Permission A permissions object.
102: * @throws Horde_Perms_Exception
103: */
104: abstract public function getPermissionById($cid);
105:
106: /**
107: * Adds a permission to the permissions system. The permission must first
108: * be created with newPermission(), and have any initial users added to
109: * it, before this function is called.
110: *
111: * @param Horde_Perms_Permission $perm The permissions object.
112: *
113: * @throws Horde_Perms_Exception
114: */
115: abstract public function addPermission(Horde_Perms_Permission $perm);
116:
117: /**
118: * Removes a permission from the permissions system permanently.
119: *
120: * @param Horde_Perms_Permission $perm The permission to remove.
121: * @param boolean $force Force to remove every child.
122: *
123: * @throws Horde_Perms_Exception
124: */
125: abstract public function removePermission(Horde_Perms_Permission $perm,
126: $force = false);
127:
128: /**
129: * Finds out what rights the given user has to this object.
130: *
131: * @param mixed $permission The full permission name of the object to
132: * check the permissions of, or the
133: * Horde_Permissions object.
134: * @param string $user The user to check for.
135: * @param string $creator The user who created the event.
136: *
137: * @return mixed A bitmask of permissions the user has, false if there
138: * are none.
139: */
140: public function getPermissions($permission, $user, $creator = null)
141: {
142: if (is_string($permission)) {
143: try {
144: $permission = $this->getPermission($permission);
145: } catch (Horde_Perms_Exception $e) {
146: if ($this->_logger) {
147: $this->_logger->log($e, 'DEBUG');
148: }
149: return false;
150: }
151: }
152:
153: // If this is a guest user, only check guest permissions.
154: if (empty($user)) {
155: return $permission->getGuestPermissions();
156: }
157:
158: // Combine all other applicable permissions.
159: $type = $permission->get('type');
160: $composite_perm = ($type == 'matrix') ? 0 : array();
161:
162: // If $creator was specified, check creator permissions.
163: // If the user is the creator of the event see if there are creator
164: // permissions.
165: if (!is_null($creator) &&
166: strlen($user) &&
167: ($user === $creator) &&
168: (($perms = $permission->getCreatorPermissions()) !== null)) {
169: if ($type == 'matrix') {
170: $composite_perm |= $perms;
171: } else {
172: $composite_perm[] = $perms;
173: }
174: }
175:
176: // Check user-level permissions.
177: $userperms = $permission->getUserPermissions();
178: if (isset($userperms[$user])) {
179: if ($type == 'matrix') {
180: $composite_perm |= $userperms[$user];
181: } else {
182: $composite_perm[] = $userperms[$user];
183: }
184: }
185:
186: // If no user permissions are found, try group permissions.
187: if (isset($permission->data['groups']) &&
188: is_array($permission->data['groups']) &&
189: count($permission->data['groups'])) {
190: $groups = $GLOBALS['injector']
191: ->getInstance('Horde_Group')
192: ->listGroups($user);
193:
194: foreach ($permission->data['groups'] as $group => $perms) {
195: if (isset($groups[$group])) {
196: if ($type == 'matrix') {
197: $composite_perm |= $perms;
198: } else {
199: $composite_perm[] = $perms;
200: }
201: }
202: }
203: }
204:
205: // If there are default permissions, return them.
206: if (($perms = $permission->getDefaultPermissions()) !== null) {
207: if ($type == 'matrix') {
208: $composite_perm |= $perms;
209: } else {
210: $composite_perm[] = $perms;
211: }
212: }
213:
214: // Return composed permissions.
215: if ($composite_perm) {
216: return $composite_perm;
217: }
218:
219: // Otherwise, deny all permissions to the object.
220: return false;
221: }
222:
223: /**
224: * Returns the unique identifier of this permission.
225: *
226: * @param Horde_Perms_Permission $permission The permission object to get
227: * the ID of.
228: *
229: * @return integer The unique id.
230: * @throws Horde_Perms_Exception
231: */
232: abstract public function getPermissionId($permission);
233:
234: /**
235: * Finds out if the user has the specified rights to the given object.
236: *
237: * @param string $permission The permission to check.
238: * @param string $user The user to check for.
239: * @param integer $perm The permission level that needs to be checked
240: * for.
241: * @param string $creator The creator of the event
242: *
243: * @return boolean Whether the user has the specified permissions.
244: */
245: public function hasPermission($permission, $user, $perm, $creator = null)
246: {
247: return (bool)($this->getPermissions($permission, $user, $creator) & $perm);
248: }
249:
250: /**
251: * Checks if a permission exists in the system.
252: *
253: * @param string $permission The permission to check.
254: *
255: * @return boolean True if the permission exists.
256: */
257: abstract public function exists($permission);
258:
259: /**
260: * Returns a list of parent permissions.
261: *
262: * @param string $child The name of the child to retrieve parents for.
263: *
264: * @return array A hash with all parents in a tree format.
265: * @throws Horde_Perms_Exception
266: */
267: abstract public function getParents($child);
268:
269: /**
270: * Returns all permissions of the system in a tree format.
271: *
272: * @return array A hash with all permissions in a tree format.
273: */
274: abstract public function getTree();
275: }
276: