, Ghent University * * @package chamilo.permissions */ /** * This function stores the permissions in the correct table. * Since Checkboxes are used we do not know which ones are unchecked. * That's why we first delete them all (for the given user/group/role * and afterwards we store the checked ones only. * * @param $content are we storing rights for a user, a group or a role (the database depends on it) * @param $id the id of the user, group or role * * @author Patrick Cool , Ghent University * * @version 1.0 */ function store_permissions($content, $id) { $course_id = api_get_course_int_id(); // Which database are we using (depending on the $content parameter) if ($content == 'user') { $table = Database::get_course_table(TABLE_PERMISSION_USER); $id_field = user_id; } if ($content == 'group') { $table = Database::get_course_table(TABLE_PERMISSION_GROUP); $id_field = group_id; } if ($content == 'role') { $table = Database::get_course_table(TABLE_ROLE_PERMISSION); $id_field = role_id; } // We first delete all the existing permissions for that user/group/role $sql = "DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."'"; $result = Database::query($sql); // looping through the post values to find the permission (containing the string permission* ) foreach ($_POST as $key => $value) { if (strstr($key, "permission*")) { list($brol, $tool, $action) = explode("*", $key); $sql = "INSERT INTO $table (c_id, $id_field,tool,action) VALUES ($course_id, '".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($action)."')"; $result = Database::query($sql); } } return get_lang('PermissionsStored'); } /** * This function stores one permission in the correct table. * * @param $content are we storing rights for a user, a group or a role (the database depends on it) * @param $action are we granting or revoking a permission? * @param $id the id of the user, group or role * @param $tool the tool * @param $permission the permission the user, group or role has been granted or revoked * * @author Patrick Cool , Ghent University * * @version 1.0 */ function store_one_permission($content, $action, $id, $tool, $permission) { global $rights_full; $course_id = api_get_course_int_id(); // for some reason I don't know, he can't get to the $rights_full array, so commented the following lines out. // check //if(!in_array($permission, $rights_full)) //{ // return get_lang('Error'); //} // Which database are we using (depending on the $content parameter) if ($content == 'user') { $table = Database::get_course_table(TABLE_PERMISSION_USER); $id_field = user_id; } if ($content == 'group') { $table = Database::get_course_table(TABLE_PERMISSION_GROUP); $id_field = group_id; } if ($content == 'role') { $table = Database::get_course_table(TABLE_ROLE_PERMISSION); $id_field = role_id; } // grating a right if ($action == 'grant') { $sql = "INSERT INTO $table (c_id, $id_field,tool,action) VALUES ($course_id, '".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($permission)."')"; $result = Database::query($sql); if ($result) { $result_message = get_lang('PermissionGranted'); } } if ($action == 'revoke') { $sql = "DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."' AND tool='".Database::escape_string($tool)."' AND action='".Database::escape_string($permission)."'"; $result = Database::query($sql); if ($result) { $result_message = get_lang('PermissionRevoked'); } } return $result_message; } /** * This function retrieves the existing permissions of a user, group or role. * * @param $content are we retrieving the rights of a user, a group or a role (the database depends on it) * @param $id the id of the user, group or role * * @author Patrick Cool , Ghent University * * @version 1.0 */ function get_permissions($content, $id) { $course_id = api_get_course_int_id(); $currentpermissions = []; // Which database are we using (depending on the $content parameter) $course_id_condition = " c_id = $course_id AND "; if ($content == 'user') { $table = Database::get_course_table(TABLE_PERMISSION_USER); $id_field = 'user_id'; } elseif ($content == 'group') { $table = Database::get_course_table(TABLE_PERMISSION_GROUP); $id_field = 'group_id'; } elseif ($content == 'role') { $table = Database::get_course_table(TABLE_ROLE_PERMISSION); $id_field = 'role_id'; } elseif ($content == 'platform_role') { $table = Database::get_main_table(TABLE_ROLE_PERMISSION); $id_field = 'role_id'; $course_id_condition = ''; } elseif ($content == 'task') { $table = Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS); $id_field = 'task_id'; } // finding all the permissions. We store this in a multidimensional array // where the first dimension is the tool. $sql = " SELECT * FROM ".$table." WHERE $course_id_condition ".$id_field."='".Database::escape_string($id)."'"; $result = Database::query($sql); while ($row = Database::fetch_array($result)) { $currentpermissions[$row['tool']][] = $row['action']; } return $currentpermissions; } /** * the array that contains the current permission a user, group or role has will now be changed depending on * the Dokeos Config Setting for the permissions (limited [add, edit, delete] or full [view, add, edit, delete, move, visibility]. * * @param $content are we retrieving the rights of a user, a group or a role (the database depends on it) * @param $id the id of the user, group or role * * @author Patrick Cool , Ghent University * * @version 1.0 * * @todo currently there is a setting user_permissions and group_permissions. We should merge this in one config setting. */ function limited_or_full($current_permissions) { if (api_get_setting('permissions') == 'limited') { foreach ($current_permissions as $tool => $tool_rights) { // we loop through the possible permissions of a tool and unset the entry if it is view // if it is visibility or move we have to grant the edit right foreach ($tool_rights as $key => $value) { if ($value == 'View') { unset($current_permissions[$tool][$key]); } if ($value == 'Visibility' or $value == 'Move') { if (!in_array('Edit', $current_permissions[$tool])) { $current_permissions[$tool][] = 'Edit'; } unset($current_permissions[$tool][$key]); } //else //{ // $current_permissions[$tool][]=$value; //} } } return $current_permissions; } if (api_get_setting('permissions') == 'full') { return $current_permissions; } } /** * This function displays a checked or unchecked checkbox. The checkbox will be checked if the * user, group or role has the permission for the given tool, unchecked if the user, group or role * does not have the right. * * @param $permission_array the array that contains all the permissions of the user, group, role * @param $tool the tool we want to check a permission for * @param $permission the permission we want to check for * * @author Patrick Cool , Ghent University * * @version 1.0 */ function display_checkbox_matrix($permission_array, $tool, $permission, $inherited_permissions = []) { $checked = ""; if (is_array($permission_array[$tool]) and in_array($permission, $permission_array[$tool])) { $checked = "checked"; } echo "\t\t\t\n"; } /** * This function displays a checked or unchecked image. The image will be checked if the * user, group or role has the permission for the given tool, unchecked if the user, group or role * does not have the right. * * @param $permission_array the array that contains all the permissions of the user, group, role * @param $tool the tool we want to check a permission for * @param $permission the permission we want to check for * * @author Patrick Cool , Ghent University * * @version 1.0 */ function display_image_matrix($permission_array, $tool, $permission, $inherited_permissions = [], $course_admin = false, $editable = true) { if ($course_admin) { echo "\t\t\t"; } else { if (in_array($permission, $inherited_permissions[$tool])) { echo "\t\t\t"; } else { if (is_array($permission_array[$tool]) and in_array($permission, $permission_array[$tool])) { if ($editable) { $url = api_get_self(); $urlparameters = ''; foreach ($_GET as $key => $value) { $parameter[$key] = $value; } $parameter['action'] = 'revoke'; $parameter['permission'] = $permission; $parameter['tool'] = $tool; foreach ($parameter as $key => $value) { $urlparameters .= $key.'='.$value.'&'; } $url = $url.'?'.$urlparameters; echo "\t\t\t "; } echo ""; if ($editable) { echo ""; } } else { if ($editable) { $url = api_get_self(); $urlparameters = ''; foreach ($_GET as $key => $value) { $parameter[$key] = $value; } $parameter['action'] = 'grant'; $parameter['permission'] = $permission; $parameter['tool'] = $tool; foreach ($parameter as $key => $value) { $urlparameters .= $key.'='.$value.'&'; } $url = $url.'?'.$urlparameters; //echo "\t\t\t "; echo "\t\t\t "; } echo ""; if ($editable) { echo ""; } } } } } /** * Slightly modified: Toon Keppens * This function displays a checked or unchecked image. The image will be checked if the * user, group or role has the permission for the given tool, unchecked if the user, group or role * does not have the right. * * @param $permission_array the array that contains all the permissions of the user, group, role * @param $tool the tool we want to check a permission for * @param $permission the permission we want to check for * * @author Patrick Cool , Ghent University * * @version 1.0 */ function display_image_matrix_for_blogs($permission_array, $user_id, $tool, $permission, $inherited_permissions = [], $course_admin = false, $editable = true) { if ($course_admin) { echo "\t\t\t"; } else { if (!empty($inherited_permissions) and in_array($permission, $inherited_permissions[$tool])) { echo "\t\t\t"; } else { if (is_array($permission_array[$tool]) and in_array($permission, $permission_array[$tool])) { if ($editable) { $url = api_get_self(); $urlparameters = ''; foreach ($_GET as $key => $value) { $parameter[$key] = $value; } $parameter['action'] = 'manage_rights'; $parameter['do'] = 'revoke'; $parameter['permission'] = $permission; $parameter['tool'] = $tool; $parameter['user_id'] = $user_id; foreach ($parameter as $key => $value) { $urlparameters .= $key.'='.$value.'&'; } $url = $url.'?'.$urlparameters; echo "\t\t\t "; } echo ""; if ($editable) { echo ""; } } else { if ($editable) { $url = api_get_self(); $urlparameters = ''; foreach ($_GET as $key => $value) { $parameter[$key] = $value; } $parameter['action'] = 'manage_rights'; $parameter['do'] = 'grant'; $parameter['permission'] = $permission; $parameter['tool'] = $tool; $parameter['user_id'] = $user_id; foreach ($parameter as $key => $value) { $urlparameters .= $key.'='.$value.'&'; } $url = $url.'?'.$urlparameters; //echo "\t\t\t "; echo "\t\t\t "; } echo ""; if ($editable) { echo ""; } } } } } /** * This function displays a list off all the roles of the course (and those defined by the platform admin). * * @author Patrick Cool , Ghent University * * @version 1.0 */ function display_role_list($current_course_roles, $current_platform_roles) { global $setting_visualisation; $course_id = api_get_course_int_id(); $coures_roles_table = Database::get_course_table(TABLE_ROLE); // course roles $sql = "SELECT * FROM $coures_roles_table WHERE c_id = $course_id "; $result = Database::query($sql); while ($row = Database::fetch_array($result)) { if (in_array($row['role_id'], $current_course_roles)) { $checked = 'checked'; $image = 'checkbox_on2.gif'; $action = 'revoke'; } else { $checked = ''; $image = 'wrong.gif'; $action = 'grant'; } if ($setting_visualisation == 'checkbox') { echo ""; } if ($setting_visualisation == 'image') { echo ""; } echo $row['role_name']."
\n"; echo $row['role_comment']."
\n"; } } /** * This function gets all the current roles of the user or group. * * @param $content are we finding the roles for a user or a group (the database depends on it) * @param $id the id of the user or group * * @return array that contains the name of the roles the user has * * @todo consider having a separate table that contains only an id and a name of the role. * * @author Patrick Cool , Ghent University * * @version 1.0 */ function get_roles($content, $id, $scope = 'course') { $course_id = api_get_course_int_id(); if ($content == 'user') { $table = Database::get_course_table(TABLE_ROLE_USER); $id_field = user_id; } if ($content == 'group') { $table = Database::get_course_table(TABLE_ROLE_GROUP); $id_field = 'group_id'; } $table_role = Database::get_course_table(TABLE_ROLE); $current_roles = []; //$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'"; $sql = "SELECT role_id FROM $table WHERE c_id = $course_id AND $id_field = '$id' AND scope='".$scope."'"; $result = Database::query($sql); while ($row = Database::fetch_array($result)) { $current_roles[] = $row['role_id']; } return $current_roles; } /** * This function gets all the current roles of the user or group. * * @return array that contains the name of the roles the user has * * @author Patrick Cool , Ghent University * * @version 1.0 */ function get_all_roles($content = 'course') { $course_id = api_get_course_int_id(); $course_id_condition = " WHERE c_id = $course_id "; if ($content == 'course') { $table_role = Database::get_course_table(TABLE_ROLE); } if ($content == 'platform') { $table_role = Database::get_main_table(TABLE_ROLE); $course_id_condition = ''; } $current_roles = []; $sql = "SELECT * FROM $table_role $course_id_condition "; $result = Database::query($sql); while ($row = Database::fetch_array($result)) { $roles[] = $row; } return $roles; } /** * This function gets all the roles that are defined. * * @param $content are we finding the roles for a user or a group (the database depends on it) * @param $id the id of the user or group * @param string Deprecated parameter allowing use of 'platform' scope - the corresponding tables don't exist anymore so the scope is always set to 'course' * * @return array that contains the name of the roles the user has * * @todo consider having a separate table that contains only an id and a name of the role. * * @author Patrick Cool , Ghent University * * @version 1.0 */ function get_roles_permissions($content, $id, $scope = 'course') { $course_id = api_get_course_int_id(); if ($content == 'user') { $table = Database::get_course_table(TABLE_ROLE_USER); $id_field = 'user_id'; } if ($content == 'group') { $table = Database::get_course_table(TABLE_ROLE_GROUP); $id_field = 'group_id'; } // course roles or platform roles $scope = 'course'; if ($scope == 'course') { $table_role = Database::get_course_table(TABLE_ROLE); $table_role_permissions = Database::get_course_table(TABLE_ROLE_PERMISSION); $role_condition = " role.c_id = $course_id AND role_permissions.c_id = $course_id AND "; } if ($scope == 'platform') { $table_role = Database::get_main_table(TABLE_ROLE); $table_role_permissions = Database::get_main_table(TABLE_ROLE_PERMISSION); $role_condition = ''; } $sql = " SELECT * FROM ".$table." role_group_user, ".$table_role." role, ".$table_role_permissions." role_permissions WHERE role_group_user.c_id = $course_id AND $role_condition role_group_user.scope = '".$scope."' AND role_group_user.".$id_field." = '".$id."' AND role_group_user.role_id = role.role_id AND role.role_id = role_permissions.role_id"; $result = Database::query($sql); $current_role_permissions = []; while ($row = Database::fetch_array($result)) { $current_role_permissions[$row['tool']][] = $row['action']; } return $current_role_permissions; } /** * This function is called when we assign a role to a user or a group. * * @param $content are we assigning a role to a group or a user * @param $action we can grant a role to a group or user or revoke it * @param $id the user_id of the user or the group_id of the group * @param $role_id the id of the role we are giving to a user or a group * * @author Patrick Cool , Ghent University */ function assign_role($content, $action, $id, $role_id, $scope = 'course') { $course_id = api_get_course_int_id(); // Which database are we using (depending on the $content parameter) if ($content == 'user') { $table = Database::get_course_table(TABLE_ROLE_USER); $id_field = 'user_id'; } elseif ($content == 'group') { $table = Database::get_course_table(TABLE_ROLE_GROUP); $id_field = 'group_id'; } else { return get_lang('Error'); } // grating a right if ($action == 'grant') { $sql = "INSERT INTO $table (c_id, role_id, scope, $id_field) VALUES ($course_id, '".Database::escape_string($role_id)."','".Database::escape_string($scope)."','".Database::escape_string($id)."')"; $result = Database::query($sql); if ($result) { $result_message = get_lang('RoleGranted'); } } if ($action == 'revoke') { $sql = "DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."' AND role_id='".Database::escape_string($role_id)."'"; $result = Database::query($sql); if ($result) { $result_message = get_lang('RoleRevoked'); } } return $result_message; } /** * This function merges permission arrays. Each permission array has the * following structure * a permission array has a tool contanst as a key and an array as a value. * This value array consists of all the permissions that are granted in that tool. */ function permission_array_merge($array1, $array2) { foreach ($array2 as $tool => $permissions) { foreach ($permissions as $permissionkey => $permissionvalue) { $array1[$tool][] = $permissionvalue; } } return $array1; } function my_print_r($array) { echo '
';
    print_r($array);
    echo '
'; }