/usr/local/miolo2/classes/security/mperms.class

00001 <?
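/**
 * Permission service.
 *
 * Answers whether the logged-in user holds a given access mask on a named
 * transaction, and looks up rights and groups through the 'user' and
 * 'transaction' business objects handed out by the manager.
 *
 * All decisions in this class are made against the login object returned by
 * the auth service; a caller that is not logged in is denied.
 */
class MPerms extends MService
{
    /** Auth service fetched from the manager in the constructor. */
    private $auth;

    /** Map of the A_* access constants to their label strings. */
    public  $perms;

    /**
     * Fetches the auth service and builds the access-constant label map.
     */
    public function __construct()
    {
        parent::__construct();
        $this->auth  = $this->manager->GetAuth();
        $this->perms = array(
            A_ACCESS  => "SELECT",
            A_INSERT  => "INSERT",
            A_DELETE  => "DELETE",
            A_UPDATE  => "UPDATE",
            A_EXECUTE => "EXECUTE",
            A_ADMIN   => "SYSTEM"
        );
    }

    /**
     * Checks whether the logged-in user holds $access on $transaction.
     *
     * Access is granted when every bit of $access is set in the user's rights
     * for the transaction, or in the user's rights for 'ALL', or when the
     * login reports itself as administrator. Note that an $access of 0 makes
     * the mask test trivially true for any logged-in user.
     *
     * @param string $transaction Transaction name (upper-cased for the lookup).
     * @param int    $access      Bit mask of the rights required.
     * @param mixed  $deny        When truthy and access is refused, an error
     *                            prompt with a login button is raised through
     *                            the manager; the value is forwarded to it.
     * @return bool True when access is granted, false otherwise.
     */
    public function CheckAccess($transaction, $access, $deny = false)
    {
        // Fail closed: without a logged-in user nothing below can grant
        // access, so the result must start out as a definite false rather
        // than an undefined variable.
        $ok = false;

        if ($this->auth->IsLogged())
        {
            $login = $this->auth->GetLogin(); // MLogin object

            // The upper-casing only happens on this path, as in the original;
            // an anonymous caller reaches the denial branch with the name
            // exactly as it was passed in.
            $transaction = strtoupper($transaction);

            // A transaction the user has no entry for counts as "no rights".
            $rights      = isset($login->rights[$transaction]) ? (int) $login->rights[$transaction] : 0;
            $rightsInAll = isset($login->rights['ALL']) ? (int) $login->rights['ALL'] : 0;

            $ok = (($rights & $access) == $access)
                || (($rightsInAll & $access) == $access)
                || (bool) $login->IsAdmin();
        }

        if (!$ok && $deny)
        {
            // The transaction name is a caller-supplied string that ends up
            // inside HTML, so it is encoded for display; the raw name is
            // still what the group lookup below receives.
            $shownTransaction = htmlspecialchars($transaction, ENT_QUOTES);

            $msg = _M('Access Denied') . "<br><br>\n" .
                   '<center><big><i><font color=red>' . _M('Transaction: ') . "$shownTransaction</font></i></big></center><br><br>\n" .
                   _M('Please inform a valid login/password to access this content.') . "<br>";

            // NOTE(review): group names are embedded as returned by the
            // business object, without encoding - presumably they come from
            // the administrator-managed store; confirm.
            $users = $this->GetGroupsAllowed($transaction, $access);
            if ($users)
            {
                $msg .= "<br><br>\n" . _M('Groups with access rights') . ":<ul><li>" . implode('<li>', $users) . '</ul>';
            }

            $go = $this->manager->history->Back('action');

            // The original passed an undefined $caption here, i.e. null.
            $error = Prompt::Error($msg, $go, null, '');

            // NOTE(review): return_to carries the current history entry to
            // the login action; the handler that consumes it is not part of
            // this file and should only follow same-application URLs.
            $loginUrl = $this->manager->getActionURL(
                $this->manager->getConf('login.module'),
                'login',
                null,
                array('return_to' => urlencode($this->manager->history->Top()))
            );
            $error->AddButton(_M('   Login   '), $loginUrl, '');
            $this->manager->Prompt($error, $deny);
        }

        return $ok;
    }

    /**
     * Returns the rights of the user identified by $login on one transaction,
     * as reported by the 'user' business object.
     *
     * @param string $transaction Transaction name.
     * @param string $login       Login of the user to look up.
     * @return mixed Whatever the business object's GetTransactionRights() returns.
     */
    public function GetTransactionRights($transaction, $login)
    {
        $user = $this->manager->GetBusinessMAD('user');
        $user->GetByLogin($login);
        return $user->GetTransactionRights($transaction);
    }

    /**
     * Returns the rights of the user identified by $login, as reported by the
     * 'user' business object.
     *
     * @param string $login Login of the user to look up.
     * @return mixed Whatever the business object's GetRights() returns.
     */
    public function GetRights($login)
    {
        $user = $this->manager->GetBusinessMAD('user');
        $user->GetByLogin($login);

        // The original passed $transaction, which is not defined in this
        // method and therefore evaluated to null. The explicit null keeps the
        // argument the business object receives unchanged.
        // NOTE(review): confirm whether GetRights() is meant to take an
        // argument at all.
        return $user->GetRights(null);
    }

    /**
     * Returns the groups of the user identified by $login, as reported by the
     * 'user' business object.
     *
     * @param string $login Login of the user to look up.
     * @return mixed Whatever the business object's GetArrayGroups() returns.
     */
    public function GetGroups($login)
    {
        $user = $this->manager->GetBusinessMAD('user');
        $user->GetByLogin($login);
        return $user->GetArrayGroups();
    }

    /**
     * Tells whether the logged-in user belongs to $group or to 'ADMIN'.
     *
     * NOTE(review): $login is accepted but never consulted - the answer is
     * always about the current session's user, not about the login passed in.
     * A caller asking about a different account gets the wrong answer;
     * confirm the intent before relying on this for another user.
     *
     * @param string $login Unused.
     * @param string $group Group name (upper-cased for the lookup).
     * @return bool True when the current user is in the group or in 'ADMIN'.
     */
    public function isMemberOf($login, $group)
    {
        // Same guard CheckAccess() applies: no logged-in user, no membership.
        if (!$this->auth->IsLogged())
        {
            return false;
        }

        $groups = $this->auth->GetLogin()->groups;

        // empty() treats a missing key like a falsy entry, so an unknown
        // group denies without touching an undefined index.
        return !empty($groups[strtoupper($group)]) || !empty($groups['ADMIN']);
    }

    /**
     * Tells whether the logged-in user is an administrator.
     *
     * @return bool False when nobody is logged in.
     */
    public function isAdmin()
    {
        // Same guard CheckAccess() applies before touching the login object.
        if (!$this->auth->IsLogged())
        {
            return false;
        }

        return (bool) $this->auth->GetLogin()->IsAdmin();
    }

    /**
     * Returns the users allowed to perform $action on the named transaction,
     * as reported by the 'transaction' business object.
     *
     * @param string $trans  Transaction name.
     * @param int    $action Access constant, A_ACCESS by default.
     * @return mixed Whatever the business object's GetUsersAllowed() returns.
     */
    public function GetUsersAllowed($trans, $action = A_ACCESS)
    {
        $transaction = $this->manager->GetBusinessMAD('transaction');
        $transaction->GetByName($trans);
        return $transaction->GetUsersAllowed($action);
    }

    /**
     * Returns the groups allowed to perform $action on the named transaction,
     * as reported by the 'transaction' business object.
     *
     * @param string $trans  Transaction name.
     * @param int    $action Access constant, A_ACCESS by default.
     * @return mixed Whatever the business object's GetGroupsAllowed() returns.
     */
    public function GetGroupsAllowed($trans, $action = A_ACCESS)
    {
        $transaction = $this->manager->GetBusinessMAD('transaction');
        $transaction->GetByName($trans);
        return $transaction->GetGroupsAllowed($action);
    }
}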
00101 ?>
CopyLeft (L) 2001-2006 - [MIOLO Development Team] SOLIS - Cooperativa de Soluções Livres - Lajeado/RS - Brasil