123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653 |
- <?php
- /**
- * This files contains the common functions for the permissions
- *
- * A list of all the functions (in no particular order)
- * ----------------------------------------------------
- * store_permissions($content,$id)
- * get_permissions($content,$id)
- * limited_or_full($current_permissions)
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @package chamilo.permissions
- */
- /**
- * This function stores the permissions in the correct table.
- * Since Checkboxes are used we do not know which ones are unchecked.
- * That's why we first delete them all (for the given user/group/role
- * and afterwards we store the checked ones only.
- * @param $content are we storing rights for a user, a group or a role (the database depends on it)
- * @param $id the id of the user, group or role
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- */
- function store_permissions($content, $id) {
- $course_id = api_get_course_int_id();
-
- // Which database are we using (depending on the $content parameter)
- if ($content=='user')
- {
- $table=Database::get_course_table(TABLE_PERMISSION_USER);
- $id_field = user_id;
- }
- if ($content=='group')
- {
- $table=Database::get_course_table(TABLE_PERMISSION_GROUP);
- $id_field = group_id;
- }
- if ($content=='role')
- {
- $table=Database::get_course_table(TABLE_ROLE_PERMISSION);
- $id_field = role_id;
- }
- // We first delete all the existing permissions for that user/group/role
- $sql="DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."'";
- $result=Database::query($sql);
- // looping through the post values to find the permission (containing the string permission* )
- foreach ($_POST as $key => $value)
- {
- if (strstr($key,"permission*"))
- {
- list($brol,$tool,$action)=explode("*",$key);
- $sql="INSERT INTO $table (c_id, $id_field,tool,action) VALUES ($course_id, '".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($action)."')";
- $result=Database::query($sql);
- }
- }
- return get_lang('PermissionsStored');
- }
- /**
- * This function stores one permission in the correct table.
- * @param $content are we storing rights for a user, a group or a role (the database depends on it)
- * @param $action are we granting or revoking a permission?
- * @param $id the id of the user, group or role
- * @param $tool the tool
- * @param $permission the permission the user, group or role has been granted or revoked
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- */
- function store_one_permission($content, $action, $id, $tool,$permission) {
- global $rights_full;
- $course_id = api_get_course_int_id();
- // for some reason I don't know, he can't get to the $rights_full array, so commented the following lines out.
- // check
- //if(!in_array($permission, $rights_full))
- //{
- // return get_lang('Error');
- //}
- // Which database are we using (depending on the $content parameter)
-
- if ($content=='user') {
- $table=Database::get_course_table(TABLE_PERMISSION_USER);
- $id_field = user_id;
- }
- if ($content=='group')
- {
- $table=Database::get_course_table(TABLE_PERMISSION_GROUP);
- $id_field = group_id;
- }
- if ($content=='role')
- {
- $table=Database::get_course_table(TABLE_ROLE_PERMISSION);
- $id_field = role_id;
- }
- // grating a right
- if ($action=='grant') {
- $sql="INSERT INTO $table (c_id, $id_field,tool,action) VALUES ($course_id, '".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($permission)."')";
- $result=Database::query($sql);
- if($result) {
- $result_message=get_lang('PermissionGranted');
- }
- }
- if ($action=='revoke')
- {
- $sql="DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."' AND tool='".Database::escape_string($tool)."' AND action='".Database::escape_string($permission)."'";
- $result=Database::query($sql);
- if($result) {
- $result_message=get_lang('PermissionRevoked');
- }
- }
- return $result_message;
- }
- /**
- * This function retrieves the existing permissions of a user, group or role.
- * @param $content are we retrieving the rights of a user, a group or a role (the database depends on it)
- * @param $id the id of the user, group or role
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- */
- function get_permissions($content, $id) {
- $course_id = api_get_course_int_id();
- $currentpermissions=array();
- // Which database are we using (depending on the $content parameter)
- $course_id_condition = " c_id = $course_id AND ";
- if ($content == 'user')
- {
- $table=Database::get_course_table(TABLE_PERMISSION_USER);
- $id_field = 'user_id';
- }
- elseif ($content == 'group')
- {
- $table=Database::get_course_table(TABLE_PERMISSION_GROUP);
- $id_field = 'group_id';
- }
- elseif ($content == 'role')
- {
- $table=Database::get_course_table(TABLE_ROLE_PERMISSION);
- $id_field = 'role_id';
- }
- elseif ($content == 'platform_role')
- {
- $table=Database::get_main_table(TABLE_ROLE_PERMISSION);
- $id_field = 'role_id';
- $course_id_condition = '';
- }
- elseif ($content == 'task')
- {
- $table=Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS);
- $id_field = 'task_id';
- }
- // finding all the permissions. We store this in a multidimensional array
- // where the first dimension is the tool.
- $sql="
- SELECT * FROM " . $table . "
- WHERE $course_id_condition " . $id_field . "='" . Database::escape_string($id) . "'";
- $result = Database::query($sql);
- while($row = Database::fetch_array($result))
- $currentpermissions[$row['tool']][] = $row['action'];
- return $currentpermissions;
- }
- /**
- * the array that contains the current permission a user, group or role has will now be changed depending on
- * the Dokeos Config Setting for the permissions (limited [add, edit, delete] or full [view, add, edit, delete, move, visibility]
- * @param $content are we retrieving the rights of a user, a group or a role (the database depends on it)
- * @param $id the id of the user, group or role
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- * @todo currently there is a setting user_permissions and group_permissions. We should merge this in one config setting.
- */
- function limited_or_full($current_permissions)
- {
- if (api_get_setting('permissions')=='limited')
- {
- foreach ($current_permissions as $tool=>$tool_rights)
- {
- // we loop through the possible permissions of a tool and unset the entry if it is view
- // if it is visibility or move we have to grant the edit right
- foreach ($tool_rights as $key=>$value)
- {
- if ($value=='View')
- {
- unset($current_permissions[$tool][$key]);
- }
- if ($value=='Visibility' OR $value=='Move')
- {
- if (!in_array('Edit',$current_permissions[$tool]))
- {
- $current_permissions[$tool][]='Edit';
- }
- unset($current_permissions[$tool][$key]);
- }
- //else
- //{
- // $current_permissions[$tool][]=$value;
- //}
- }
- }
- return $current_permissions;
- }
- if (api_get_setting('permissions')=='full')
- {
- return $current_permissions;
- }
- }
- /**
- * This function displays a checked or unchecked checkbox. The checkbox will be checked if the
- * user, group or role has the permission for the given tool, unchecked if the user, group or role
- * does not have the right
- * @param $permission_array the array that contains all the permissions of the user, group, role
- * @param $tool the tool we want to check a permission for
- * @param $permission the permission we want to check for
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- */
- function display_checkbox_matrix($permission_array, $tool, $permission, $inherited_permissions=array())
- {
- $checked="";
- if (is_array($permission_array[$tool]) AND in_array($permission,$permission_array[$tool]))
- {
- $checked="checked";
- }
- echo "\t\t\t<input type=\"checkbox\" name=\"permission*$tool*$permission\" $checked>\n";
- }
- /**
- * This function displays a checked or unchecked image. The image will be checked if the
- * user, group or role has the permission for the given tool, unchecked if the user, group or role
- * does not have the right
- * @param $permission_array the array that contains all the permissions of the user, group, role
- * @param $tool the tool we want to check a permission for
- * @param $permission the permission we want to check for
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- */
- function display_image_matrix($permission_array, $tool, $permission,$inherited_permissions=array(), $course_admin=false, $editable=true)
- {
- if ($course_admin) {
- echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
- } else {
- if (in_array($permission,$inherited_permissions[$tool])) {
- echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
- } else {
- if (is_array($permission_array[$tool]) AND in_array($permission,$permission_array[$tool])) {
- if ($editable) {
- $url=api_get_self();
- $urlparameters = '';
- foreach($_GET as $key=>$value) {
- $parameter[$key]=$value;
- }
- $parameter['action']='revoke';
- $parameter['permission']=$permission;
- $parameter['tool']=$tool;
- foreach ($parameter as $key=>$value) {
- $urlparameters.=$key.'='.$value.'&';
- }
- $url=$url.'?'.$urlparameters;
- echo "\t\t\t <a href=\"".$url."\">";
- }
- echo "<img src=\"../img/checkbox_on2.gif\" border=\"0\"/>";
- if ($editable) {
- echo "</a>";
- }
- } else {
- if ($editable)
- {
- $url=api_get_self();
- $urlparameters = '';
- foreach ($_GET as $key=>$value)
- {
- $parameter[$key]=$value;
- }
- $parameter['action']='grant';
- $parameter['permission']=$permission;
- $parameter['tool']=$tool;
- foreach ($parameter as $key=>$value)
- {
- $urlparameters.=$key.'='.$value.'&';
- }
- $url=$url.'?'.$urlparameters;
- //echo "\t\t\t <a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=grant&permission=$permission&tool=$tool\">";
- echo "\t\t\t <a href=\"".$url."\">";
- }
- echo "<img src=\"../img/wrong.gif\" border=\"0\"/>";
- if ($editable)
- {
- echo "</a>";
- }
- }
- }
- }
- }
- /**
- * Slightly modified: Toon Keppens
- * This function displays a checked or unchecked image. The image will be checked if the
- * user, group or role has the permission for the given tool, unchecked if the user, group or role
- * does not have the right
- * @param $permission_array the array that contains all the permissions of the user, group, role
- * @param $tool the tool we want to check a permission for
- * @param $permission the permission we want to check for
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- */
- function display_image_matrix_for_blogs($permission_array, $user_id, $tool, $permission,$inherited_permissions=array(), $course_admin=false, $editable=true)
- {
- if ($course_admin)
- {
- echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
- }
- else
- {
- if (!empty($inherited_permissions) and in_array($permission,$inherited_permissions[$tool]))
- {
- echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
- }
- else
- {
- if (is_array($permission_array[$tool]) AND in_array($permission,$permission_array[$tool]))
- {
- if ($editable)
- {
- $url = api_get_self();
- $urlparameters = '';
- foreach($_GET as $key => $value)
- {
- $parameter[$key] = $value;
- }
- $parameter['action']='manage_rights';
- $parameter['do']='revoke';
- $parameter['permission']=$permission;
- $parameter['tool']=$tool;
- $parameter['user_id']=$user_id;
- foreach ($parameter as $key=>$value)
- {
- $urlparameters .= $key . '=' . $value . '&';
- }
- $url = $url . '?' . $urlparameters;
- echo "\t\t\t <a href=\"".$url."\">";
- }
- echo "<img src=\"../img/checkbox_on2.gif\" border=\"0\"/ title=\"".get_lang('UserHasPermission')."\">";
- if ($editable) {
- echo "</a>";
- }
- } else {
- if ($editable) {
- $url = api_get_self();
- $urlparameters = '';
- foreach ($_GET as $key=>$value) {
- $parameter[$key]=$value;
- }
- $parameter['action']='manage_rights';
- $parameter['do']='grant';
- $parameter['permission']=$permission;
- $parameter['tool']=$tool;
- $parameter['user_id']=$user_id;
- foreach ($parameter as $key=>$value) {
- $urlparameters .= $key . '=' . $value . '&';
- }
- $url=$url.'?'.$urlparameters;
- //echo "\t\t\t <a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=grant&permission=$permission&tool=$tool\">";
- echo "\t\t\t <a href=\"".$url."\">";
- }
- echo "<img src=\"../img/wrong.gif\" border=\"0\"/ title=\"".get_lang('UserHasPermissionNot')."\">";
- if ($editable) {
- echo "</a>";
- }
- }
- }
- }
- }
- /**
- * This function displays a list off all the roles of the course (and those defined by the platform admin)
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- */
- function display_role_list($current_course_roles, $current_platform_roles)
- {
- global $setting_visualisation;
- $course_id = api_get_course_int_id();
- $coures_roles_table=Database::get_course_table(TABLE_ROLE);
- $platform_roles_table=Database::get_main_table(TABLE_ROLE);
- /*
- // platform roles
- $sql="SELECT * FROM $platform_roles_table";
- $result=Database::query($sql);
- while ($row=Database::fetch_array($result))
- {
- if(in_array($row['role_id'], $current_platform_roles))
- {
- $checked='checked';
- $image='checkbox_on2.gif';
- $action='revoke';
- }
- else
- {
- $checked='';
- $image='wrong.gif';
- $action='grant';
- }
- if($setting_visualisation=='checkbox')
- {
- echo "<input type=\"checkbox\" name=\"role*platform*".$row['role_id']."\" $checked>";
- }
- if($setting_visualisation=='image')
- {
- echo "<a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=$action&role=".$row['role_id']."&scope=platform\"><img src=\"../img/".$image."\" border=\"0\"/></a>";
- }
- echo $row['role_name']."<br />\n";
- echo $row['role_comment']."<br />\n";
- }
- */
- // course roles
- $sql="SELECT * FROM $coures_roles_table WHERE c_id = $course_id ";
- $result=Database::query($sql);
- while ($row=Database::fetch_array($result))
- {
- if (in_array($row['role_id'], $current_course_roles))
- {
- $checked='checked';
- $image='checkbox_on2.gif';
- $action='revoke';
- }
- else
- {
- $checked='';
- $image='wrong.gif';
- $action='grant';
- }
- if ($setting_visualisation=='checkbox')
- {
- echo "<input type=\"checkbox\" name=\"role*course*".$row['role_id']."\" $checked>";
- }
- if ($setting_visualisation=='image')
- {
- echo "<a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=$action&role=".$row['role_id']."&scope=course\"><img src=\"../img/".$image."\" border=\"0\"/></a>";
- }
- echo $row['role_name']." <a href=\"../blog/permissions/roles.php?role_id=".$row['role_id']."&scope=course\"><img src=\"../img/edit.gif\" /></a><br />\n";
- echo $row['role_comment']."<br />\n";
- }
- }
- /**
- * This function gets all the current roles of the user or group
- * @param $content are we finding the roles for a user or a group (the database depends on it)
- * @param $id the id of the user or group
- * @return array that contains the name of the roles the user has
- * @todo consider having a separate table that contains only an id and a name of the role.
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- */
- function get_roles($content,$id, $scope='course') {
- $course_id = api_get_course_int_id();
- if ($content=='user') {
- $table=Database::get_course_table(TABLE_ROLE_USER);
- $id_field = user_id;
- }
- if ($content=='group') {
- $table=Database::get_course_table(TABLE_ROLE_GROUP);
- $id_field = 'group_id';
- }
- $table_role=Database::get_course_table(TABLE_ROLE);
- $current_roles=array();
- //$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";
- $sql="SELECT role_id FROM $table WHERE c_id = $course_id AND $id_field = '$id' AND scope='".$scope."'";
- $result=Database::query($sql);
- while ($row=Database::fetch_array($result)) {
- $current_roles[]=$row['role_id'];
- }
- return $current_roles;
- }
- /**
- * This function gets all the current roles of the user or group
- * @return array that contains the name of the roles the user has
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- */
- function get_all_roles($content='course') {
- $course_id = api_get_course_int_id();
- $course_id_condition = " WHERE c_id = $course_id ";
-
- if ($content=='course')
- {
- $table_role=Database::get_course_table(TABLE_ROLE);
- }
- if ($content=='platform')
- {
- $table_role=Database::get_main_table(TABLE_ROLE);
- $course_id_condition = '';
- }
- $current_roles=array();
- $sql="SELECT * FROM $table_role $course_id_condition ";
- $result=Database::query($sql);
- while ($row=Database::fetch_array($result))
- {
- $roles[]=$row;
- }
- return $roles;
- }
- /**
- * This function gets all the roles that are defined
- * @param $content are we finding the roles for a user or a group (the database depends on it)
- * @param $id the id of the user or group
- * @param string Deprecated parameter allowing use of 'platform' scope - the corresponding tables don't exist anymore so the scope is always set to 'course'
- * @return array that contains the name of the roles the user has
- * @todo consider having a separate table that contains only an id and a name of the role.
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- * @version 1.0
- */
- function get_roles_permissions($content,$id, $scope='course') {
- $course_id = api_get_course_int_id();
- if ($content == 'user') {
- $table=Database::get_course_table(TABLE_ROLE_USER);
- $id_field = 'user_id';
- }
- if ($content == 'group') {
- $table = Database::get_course_table(TABLE_ROLE_GROUP);
- $id_field = 'group_id';
- }
- // course roles or platform roles
- $scope = 'course';
- if ($scope == 'course') {
- $table_role = Database::get_course_table(TABLE_ROLE);
- $table_role_permissions = Database::get_course_table(TABLE_ROLE_PERMISSION);
-
- $role_condition = " role.c_id = $course_id AND role_permissions.c_id = $course_id AND ";
- }
- if ($scope == 'platform') {
- $table_role = Database::get_main_table(TABLE_ROLE);
- $table_role_permissions = Database::get_main_table(TABLE_ROLE_PERMISSION);
- $role_condition = '';
- }
- $current_roles = array();
- $sql = "
- SELECT *
- FROM
- " . $table . " role_group_user,
- " . $table_role . " role,
- " . $table_role_permissions . " role_permissions
- WHERE
- role_group_user.c_id = $course_id AND
- $role_condition
- role_group_user.scope = '" . $scope . "' AND
- role_group_user." . $id_field . " = '" . $id . "' AND
- role_group_user.role_id = role.role_id AND
- role.role_id = role_permissions.role_id";
- $result = Database::query($sql);
- $current_role_permissions = array();
- while ($row=Database::fetch_array($result)) {
- $current_role_permissions[$row['tool']][]=$row['action'];
- }
- return $current_role_permissions;
- }
- /**
- * This function is called when we assign a role to a user or a group
- * @param $content are we assigning a role to a group or a user
- * @param $action we can grant a role to a group or user or revoke it
- * @param $id the user_id of the user or the group_id of the group
- * @param $role_id the id of the role we are giving to a user or a group.
- * @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
- */
- function assign_role($content, $action, $id, $role_id, $scope='course') {
- $course_id = api_get_course_int_id();
- // Which database are we using (depending on the $content parameter)
- if ($content=='user') {
- $table=Database::get_course_table(TABLE_ROLE_USER);
- $id_field = 'user_id';
- } elseif($content=='group') {
- $table=Database::get_course_table(TABLE_ROLE_GROUP);
- $id_field = 'group_id';
- } else {
- return get_lang('Error');
- }
- // grating a right
- if ($action=='grant') {
- $sql="INSERT INTO $table (c_id, role_id, scope, $id_field) VALUES ($course_id, '".Database::escape_string($role_id)."','".Database::escape_string($scope)."','".Database::escape_string($id)."')";
- $result=Database::query($sql);
- if ($result) {
- $result_message=get_lang('RoleGranted');
- }
- }
-
- if ($action=='revoke') {
- $sql="DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."' AND role_id='".Database::escape_string($role_id)."'";
- $result=Database::query($sql);
- if ($result) {
- $result_message=get_lang('RoleRevoked');
- }
- }
- return $result_message;
- }
- /**
- * This function merges permission arrays. Each permission array has the following structure
- * a permission array has a tool contanst as a key and an array as a value. This value array consists of all the permissions that are granted in that tool.
- */
- function permission_array_merge($array1, $array2)
- {
- foreach ($array2 as $tool=>$permissions)
- {
- foreach ($permissions as $permissionkey=>$permissionvalue)
- {
- $array1[$tool][]=$permissionvalue;
- }
- }
- return $array1;
- }
- function my_print_r($array)
- {
- echo '<pre>';
- print_r($array);
- echo '</pre>';
- }
- ?>
|