Overview

Packages

  • Perms

Classes

  • Horde_Perms
  • Horde_Perms_Base
  • Horde_Perms_Datatree
  • Horde_Perms_Exception
  • Horde_Perms_Null
  • Horde_Perms_Permission
  • Horde_Perms_Permission_Datatree
  • Horde_Perms_Permission_Kolab
  • Horde_Perms_Permission_Kolab_Acl
  • Horde_Perms_Permission_Kolab_Acl_Anonymous
  • Horde_Perms_Permission_Kolab_Acl_Anyone
  • Horde_Perms_Permission_Kolab_Acl_Creator
  • Horde_Perms_Permission_Kolab_Acl_Group
  • Horde_Perms_Permission_Kolab_Acl_User
  • Horde_Perms_Permission_Kolab_AclIterator
  • Horde_Perms_Permission_Kolab_Element
  • Horde_Perms_Permission_Kolab_Element_Creator
  • Horde_Perms_Permission_Kolab_Element_Default
  • Horde_Perms_Permission_Kolab_Element_Group
  • Horde_Perms_Permission_Kolab_Element_Guest
  • Horde_Perms_Permission_Kolab_Element_User
  • Horde_Perms_Permission_Kolab_ElementIterator
  • Horde_Perms_Permission_Sql
  • Horde_Perms_Sql
  • Horde_Perms_Translation

Interfaces

  • Horde_Perms_Permission_Kolab_Storage
  • Overview
  • Package
  • Class
  • Tree
  1: <?php
  2: /**
  3:  * The Horde_Perms_Base class provides the Horde permissions system.
  4:  *
  5:  * Copyright 2001-2012 Horde LLC (http://www.horde.org/)
  6:  *
  7:  * See the enclosed file COPYING for license information (LGPL). If you
  8:  * did not receive this file, see http://www.horde.org/licenses/lgpl21.
  9:  *
 10:  * @author   Chuck Hagenbuch <chuck@horde.org>
 11:  * @author   Jan Schneider <jan@horde.org>
 12:  * @category Horde
 13:  * @package  Perms
 14:  */
 15: abstract class Horde_Perms_Base
 16: {
 17:     /**
 18:      * Cache object.
 19:      *
 20:      * @var Horde_Cache
 21:      */
 22:     protected $_cache;
 23: 
 24:     /**
 25:      * Logger.
 26:      *
 27:      * @var Horde_Log_Logger
 28:      */
 29:     protected $_logger;
 30: 
 31:     /**
 32:      * Constructor.
 33:      *
 34:      * @param array $params  Configuration parameters:
 35:      * <pre>
 36:      * 'cache' - (Horde_Cache) The object to use to cache perms.
 37:      * 'logger' - (Horde_Log_Logger) A logger object.
 38:      * </pre>
 39:      *
 40:      * @throws Horde_Perms_Exception
 41:      */
 42:     public function __construct($params = array())
 43:     {
 44:         if (isset($params['cache'])) {
 45:             $this->_cache = $params['cache'];
 46:         }
 47: 
 48:         if (isset($params['logger'])) {
 49:             $this->_logger = $params['logger'];
 50:         }
 51:     }
 52: 
 53:     /**
 54:      * Returns the short name of an object, the last portion of the full name.
 55:      *
 56:      * @param string $name  The name of the object.
 57:      *
 58:      * @return string  The object's short name.
 59:      */
 60:     public function getShortName($name)
 61:     {
 62:         /* If there are several components to the name, explode and
 63:          * get the last one, otherwise just return the name. */
 64:         if (strpos($name, ':') !== false) {
 65:             $tmp = explode(':', $name);
 66:             return array_pop($tmp);
 67:         }
 68: 
 69:         return $name;
 70:     }
 71: 
 72:     /**
 73:      * Returns a new permissions object.
 74:      *
 75:      * @param string $name   The permission's name.
 76:      * @param string $type   The permission type.
 77:      * @param array $params  The permission parameters.
 78:      *
 79:      * @return Horde_Perms_Permission  A new permissions object.
 80:      * @throws Horde_Perms_Exception
 81:      */
 82:     abstract public function newPermission($name, $type = 'matrix', $params = null);
 83: 
 84:     /**
 85:      * Returns an object corresponding to the named permission, with the users
 86:      * and other data retrieved appropriately.
 87:      *
 88:      * @param string $name  The name of the permission to retrieve.
 89:      *
 90:      * @return Horde_Perms_Permission  A permissions object.
 91:      * @throws Horde_Perms_Exception
 92:      */
 93:     abstract public function getPermission($name);
 94: 
 95:     /**
 96:      * Returns an object corresponding to the given unique ID, with the users
 97:      * and other data retrieved appropriately.
 98:      *
 99:      * @param integer $cid  The unique ID of the permission to retrieve.
100:      *
101:      * @return Horde_Perms_Permission  A permissions object.
102:      * @throws Horde_Perms_Exception
103:      */
104:     abstract public function getPermissionById($cid);
105: 
106:     /**
107:      * Adds a permission to the permissions system. The permission must first
108:      * be created with newPermission(), and have any initial users added to
109:      * it, before this function is called.
110:      *
111:      * @param Horde_Perms_Permission $perm  The permissions object.
112:      *
113:      * @throws Horde_Perms_Exception
114:      */
115:     abstract public function addPermission(Horde_Perms_Permission $perm);
116: 
117:     /**
118:      * Removes a permission from the permissions system permanently.
119:      *
120:      * @param Horde_Perms_Permission $perm  The permission to remove.
121:      * @param boolean $force                Force to remove every child.
122:      *
123:      * @throws Horde_Perms_Exception
124:      */
125:     abstract public function removePermission(Horde_Perms_Permission $perm,
126:                                               $force = false);
127: 
128:     /**
129:      * Finds out what rights the given user has to this object.
130:      *
131:      * @param mixed $permission  The full permission name of the object to
132:      *                           check the permissions of, or the
133:      *                           Horde_Permissions object.
134:      * @param string $user       The user to check for.
135:      * @param string $creator    The user who created the event.
136:      *
137:      * @return mixed  A bitmask of permissions the user has, false if there
138:      *                are none.
139:      */
140:     public function getPermissions($permission, $user, $creator = null)
141:     {
142:         if (is_string($permission)) {
143:             try {
144:                 $permission = $this->getPermission($permission);
145:             } catch (Horde_Perms_Exception $e) {
146:                 if ($this->_logger) {
147:                     $this->_logger->log($e, 'DEBUG');
148:                 }
149:                 return false;
150:             }
151:         }
152: 
153:         // If this is a guest user, only check guest permissions.
154:         if (empty($user)) {
155:             return $permission->getGuestPermissions();
156:         }
157: 
158:         // Combine all other applicable permissions.
159:         $type = $permission->get('type');
160:         $composite_perm = ($type == 'matrix') ? 0 : array();
161: 
162:         // If $creator was specified, check creator permissions.
163:         // If the user is the creator of the event see if there are creator
164:         // permissions.
165:         if (!is_null($creator) &&
166:             strlen($user) &&
167:             ($user === $creator) &&
168:             (($perms = $permission->getCreatorPermissions()) !== null)) {
169:             if ($type == 'matrix') {
170:                 $composite_perm |= $perms;
171:             } else {
172:                 $composite_perm[] = $perms;
173:             }
174:         }
175: 
176:         // Check user-level permissions.
177:         $userperms = $permission->getUserPermissions();
178:         if (isset($userperms[$user])) {
179:             if ($type == 'matrix') {
180:                 $composite_perm |= $userperms[$user];
181:             } else {
182:                 $composite_perm[] = $userperms[$user];
183:             }
184:         }
185: 
186:         // If no user permissions are found, try group permissions.
187:         if (isset($permission->data['groups']) &&
188:             is_array($permission->data['groups']) &&
189:             count($permission->data['groups'])) {
190:             $groups = $GLOBALS['injector']
191:                 ->getInstance('Horde_Group')
192:                 ->listGroups($user);
193: 
194:             foreach ($permission->data['groups'] as $group => $perms) {
195:                 if (isset($groups[$group])) {
196:                     if ($type == 'matrix') {
197:                         $composite_perm |= $perms;
198:                     } else {
199:                         $composite_perm[] = $perms;
200:                     }
201:                 }
202:             }
203:         }
204: 
205:         // If there are default permissions, return them.
206:         if (($perms = $permission->getDefaultPermissions()) !== null) {
207:             if ($type == 'matrix') {
208:                 $composite_perm |= $perms;
209:             } else {
210:                 $composite_perm[] = $perms;
211:             }
212:         }
213: 
214:         // Return composed permissions.
215:         if ($composite_perm) {
216:             return $composite_perm;
217:         }
218: 
219:         // Otherwise, deny all permissions to the object.
220:         return false;
221:     }
222: 
223:     /**
224:      * Returns the unique identifier of this permission.
225:      *
226:      * @param Horde_Perms_Permission $permission  The permission object to get
227:      *                                            the ID of.
228:      *
229:      * @return integer  The unique id.
230:      * @throws Horde_Perms_Exception
231:      */
232:     abstract public function getPermissionId($permission);
233: 
234:     /**
235:      * Finds out if the user has the specified rights to the given object.
236:      *
237:      * @param string $permission  The permission to check.
238:      * @param string $user        The user to check for.
239:      * @param integer $perm       The permission level that needs to be checked
240:      *                            for.
241:      * @param string $creator     The creator of the event
242:      *
243:      * @return boolean  Whether the user has the specified permissions.
244:      */
245:     public function hasPermission($permission, $user, $perm, $creator = null)
246:     {
247:         return (bool)($this->getPermissions($permission, $user, $creator) & $perm);
248:     }
249: 
250:     /**
251:      * Checks if a permission exists in the system.
252:      *
253:      * @param string $permission  The permission to check.
254:      *
255:      * @return boolean  True if the permission exists.
256:      */
257:     abstract public function exists($permission);
258: 
259:     /**
260:      * Returns a list of parent permissions.
261:      *
262:      * @param string $child  The name of the child to retrieve parents for.
263:      *
264:      * @return array  A hash with all parents in a tree format.
265:      * @throws Horde_Perms_Exception
266:      */
267:     abstract public function getParents($child);
268: 
269:     /**
270:      * Returns all permissions of the system in a tree format.
271:      *
272:      * @return array  A hash with all permissions in a tree format.
273:      */
274:     abstract public function getTree();
275: }
276: 
API documentation generated by ApiGen