composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
acbb54104e302f376e4bd47ef6b091f4ea4b4a51
iTop/core/userrights.class.inc.php
Denis Flaven 00f1734747 - New API CreateAdministrator used by the setup wizard 
SVN:code[5]
2009-03-27 10:29:38 +00:00

212 lines
5.8 KiB
PHP
Raw Blame History

<?php
/**
* UserRights
* User management API
*
* @package iTopORM
* @author Romain Quetiez <romainquetiez@yahoo.fr>
* @author Denis Flaven <denisflave@free.fr>
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @link www.itop.com
* @since 1.0
* @version 1.1.1.1 $
*/
class UserRightException extends CoreException
{
}
define('UR_ALLOWED_NO', 0);
define('UR_ALLOWED_YES', 1);
define('UR_ALLOWED_DEPENDS', 2);
define('UR_ACTION_READ', 1); // View an object
define('UR_ACTION_MODIFY', 2); // Create/modify an object/attribute
define('UR_ACTION_DELETE', 3); // Delete an object
define('UR_ACTION_BULK_READ', 4); // Export multiple objects
define('UR_ACTION_BULK_MODIFY', 5); // Create/modify multiple objects
define('UR_ACTION_BULK_DELETE', 6); // Delete multiple objects
define('UR_ACTION_APPLICATION_DEFINED', 10000); // Application specific actions (CSV import, View schema...)
/**
* User management module API
*
* @package iTopORM
* @author Romain Quetiez <romainquetiez@yahoo.fr>
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @link www.itop.com
* @since 1.0
* @version $itopversion$
*/
abstract class UserRightsAddOnAPI
{
abstract public function Setup(); // initial installation
abstract public function Init(); // loads data (possible optimizations)
abstract public function CheckCredentials($iUserId, $sPassword); // returns the id of the user or false
abstract public function GetFilter($iUserId, $sClass); // returns a filter object
abstract public function IsActionAllowed($iUserId, $sClass, $iActionCode, dbObjectSet $aInstances);
abstract public function IsStimulusAllowed($iUserId, $sClass, $sStimulusCode, dbObjectSet $aInstances);
abstract public function IsActionAllowedOnAttribute($iUserId, $sClass, $sAttCode, $iActionCode, dbObjectSet $aInstances);
}
/**
* User management core API
*
* @package iTopORM
* @author Romain Quetiez <romainquetiez@yahoo.fr>
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @link www.itop.com
* @since 1.0
* @version $itopversion$
*/
class UserRights
{
protected static $m_oAddOn;
protected static $m_sUser;
protected static $m_sRealUser;
protected static $m_iUserId;
protected static $m_iRealUserId;
public static function SelectModule($sModuleName)
{
if (!class_exists($sModuleName))
{
trigger_error("Could not select this module, '$sModuleName' in not a valid class name", E_USER_ERROR);
return;
}
if (!is_subclass_of($sModuleName, 'UserRightsAddOnAPI'))
{
trigger_error("Could not select this module, the class '$sModuleName' is not derived from UserRightsAddOnAPI", E_USER_ERROR);
return;
}
self::$m_oAddOn = new $sModuleName;
self::$m_oAddOn->Init();
self::$m_sUser = '';
self::$m_sRealUser = '';
self::$m_iUserId = 0;
self::$m_iRealUserId = 0;
}
// Installation: create the very first user
public static function CreateAdministrator($sAdminUser, $sAdminPwd)
{
return self::$m_oAddOn->CreateAdministrator($sAdminUser, $sAdminPwd);
}
// Installation (e.g: give default values for users)
public static function Setup()
{
// to be discussed...
return self::$m_oAddOn->Setup();
}
protected static function IsLoggedIn()
{
return (!empty(self::$m_sUser));
}
public static function Login($sName, $sPassword)
{
self::$m_iUserId = self::$m_oAddOn->CheckCredentials($sName, $sPassword);
if ( self::$m_iUserId !== false )
{
self::$m_sUser = $sName;
self::$m_iRealUserId = self::$m_iUserId;
self::$m_sRealUser = $sName;
return true;
}
else
{
return false;
}
}
public static function Impersonate($sName, $sPassword)
{
if (!self::CheckLogin()) return false;
self::$m_iRealUserId = self::$m_oAddOn->CheckCredentials($sName, $sPassword);
if ( self::$m_iRealUserId !== false)
{
self::$m_sUser = $sName;
return true;
}
else
{
return false;
}
}
public static function GetUser()
{
return self::$m_sUser;
}
public static function GetUserId()
{
return self::$m_iUserId;
}
public static function GetRealUser()
{
return self::$m_sRealUser;
}
public static function GetRealUserId()
{
return self::$m_iRealUserId;
}
protected static function CheckLogin()
{
if (!self::IsLoggedIn())
{
//throw new UserRightException('No user logged in', array());
return false;
}
return true;
}
public static function GetFilter($sClass)
{
if (!MetaModel::HasCategory($sClass, 'bizModel')) return new DBObjectSearch($sClass);
if (!self::CheckLogin()) return false;
return self::$m_oAddOn->GetFilter(self::$m_iUserId, $sClass);
}
public static function IsActionAllowed($sClass, $iActionCode, dbObjectSet $aInstances)
{
if (!MetaModel::HasCategory($sClass, 'bizModel')) return true;
if (!self::CheckLogin()) return false;
return self::$m_oAddOn->IsActionAllowed(self::$m_iUserId, $sClass, $iActionCode, $aInstances);
}
public static function IsStimulusAllowed($sClass, $sStimulusCode, dbObjectSet $aInstances)
{
if (!MetaModel::HasCategory($sClass, 'bizModel')) return true;
if (!self::CheckLogin()) return false;
return self::$m_oAddOn->IsStimulusAllowed(self::$m_iUserId, $sClass, $sStimulusCode, $aInstances);
}
public static function IsActionAllowedOnAttribute($sClass, $sAttCode, $iActionCode, dbObjectSet $aInstances)
{
if (!MetaModel::HasCategory($sClass, 'bizModel')) return true;
if (!self::CheckLogin()) return false;
return self::$m_oAddOn->IsActionAllowedOnAttribute(self::$m_iUserId, $sClass, $sAttCode, $iActionCode, $aInstances);
}
}
?>
Reference in New Issue View Git Blame Copy Permalink