acl[EVERYBODY] = 0; acl_raise($obj,$adr->id,$tutos[delok]); # 0 = everybody can see it if ( $tutos[defaultacl] == 0 ) { $obj->acl[EVERYBODY] = $tutos[seeok]; return; } if ( ($adr->getType() != "address") && ($adr->getType() != "user") ) { return; } team::obj_read($adr); # 1 = teams can see it if ( $tutos[defaultacl] == 1 ) { # When no teams are defined everybody may see foreach($adr->teamlist as $i => $f) { acl_raise($obj,$i,$tutos[seeok]); } return; } # 2 = defaultgroups can see it if ( $tutos[defaultacl] == 2 ) { if ( $adr->getType() == "user" ) { # When no defaultgroups are defined everybody may see if ( count($adr->acldefault) == 0 ) { $obj->acl[EVERYBODY] = $tutos[seeok]; } else { foreach($adr->acldefault as $i => $f) { if ($i == MYTEAMS) { # expand a -2(MYTEAMS) to all the teams of that user foreach($adr->teamlist as $i2 => $f2) { acl_raise($obj,$i2,$f); } } else { acl_raise($obj,$i,$f); } } } } return; } } /** * read acl entries for an object */ Function acl_read(&$obj) { global $tutos; if ( $obj->gettype() == "user" ) { $id = $obj->uid; } else { $id = $obj->id; } if ( $id == "" ) { # Something went wrong everybody may see it $obj->acl[EVERYBODY] = $tutos[seeok]; return; } # echo $obj->gettype(); $q = "SELECT adr_id,perm FROM ". $obj->dbconn->prefix ."acl WHERE obj_id = ". $id; $r = $obj->dbconn->Exec($q); $n = $r->numrows(); # ???? if ( $n > 0 ) { $obj->acl = array(); } $a = 0; while ($a < $n) { $perm = (int)$r->get($a, "perm"); if ( $perm > 0 ) { $obj->acl[(int)$r->get($a, "adr_id")] = $perm; } $a++; } # Defaults to seeok if ( $n == 0 ) { $obj->acl[EVERYBODY] = $tutos[seeok]; } $r->free(); return; } /** * save acl entries for an object */ Function acl_save(&$obj) { if ( $obj->gettype() == "user" ) { $id = $obj->uid; } else { $id = $obj->id; } if ( $id < 0 ) return; $q = "DELETE FROM ". $obj->dbconn->prefix ."acl WHERE obj_id = ". $id; $r = $obj->dbconn->Exec($q); if ( isset($obj->acl) && (count($obj->acl) > 0) ) { @reset($obj->acl); while ( list ($i,$f) = @each ($obj->acl) ) { if ( ($i > -1) && (gettype($i) == "integer") && ($f > 0) ) { $q = "INSERT INTO ". $obj->dbconn->prefix ."acl (obj_id,adr_id,perm) VALUES (". $id .",". $i .",". $f .")"; $r = $obj->dbconn->Exec($q); } } } } /** * delete acl entries for a object to be deleted */ Function acl_delete_obj(&$obj) { if ( $obj->id < 0 ) return; $msg = ""; $q = "DELETE FROM ". $obj->dbconn->prefix ."acl WHERE obj_id = ". $obj->id ." OR adr_id = ". $obj->id; $r = $obj->dbconn->Exec($q); $q = "DELETE FROM ". $obj->dbconn->prefix ."acldefault WHERE obj_id = ". $obj->id ." OR adr_id = ". $obj->id; $r = $obj->dbconn->Exec($q); return $msg; } /** * read defaultacl entries for an object * to be used with $tutos[defaultacl] = 2 */ Function acl_readdefault(&$obj) { global $tutos; if ( $obj->gettype() != "user" ) return; $id = $obj->uid; if ( $id == "" ) { # Something went wrong everybody may see it $obj->acl[EVERYBODY] = $tutos[seeok]; return; } $q = "SELECT adr_id,perm FROM ". $obj->dbconn->prefix ."acldefault WHERE obj_id = ". $id; $r = $obj->dbconn->Exec($q); $n = $r->numrows(); if ( $n > 0 ) { $obj->acldefault = array(); } $a = 0; while ($a < $n) { $obj->acldefault[$r->get($a, "adr_id")] = $r->get($a, "perm"); $a++; } $r->free(); return; } /** * save acldefault entries for an object * to be used with $tutos[defaultacl] = 2 */ Function acl_savedefault(&$obj) { if ( $obj->gettype() != "user" ) return; $id = $obj->uid; $q = "DELETE FROM ". $obj->dbconn->prefix ."acldefault WHERE obj_id = ". $id; $r = $obj->dbconn->Exec($q); if ( isset($obj->acldefault) && (count($obj->acldefault) > 0) ) { foreach($obj->acldefault as $i => $f) { if ( ($i == MYTEAMS) || ( ($i > -1) && (gettype($i) == "integer") && ($f > 0) ) ) { $q = "INSERT INTO ". $obj->dbconn->prefix ."acldefault (obj_id,adr_id,perm) VALUES (". $id .",". $i .",". $f .")"; $r = $obj->dbconn->Exec($q); } } } } /** * delete acldefault entries for a object to be deleted * to be used with $tutos[defaultacl] = 2 */ Function acl_deletedefault(&$obj) { $msg = ""; $q = "DELETE FROM ". $obj->dbconn->prefix ."acldefault WHERE obj_id = ". $obj->id; $r = $obj->dbconn->Exec($q); return $msg; } /** * check access level ( > $level ) to an object */ Function acl_ok(&$obj,$level) { global $tutos,$current_user; if ( ($tutos[useacl] != 1) || is_admin($current_user)) { return 99; } if (! isset($obj->acl) ) return 0; if (count($obj->acl) < 1) return 0; team::obj_read($current_user); foreach($obj->acl as $i => $f) { # Rights granted explicit for current_user if ( ($i > 0) && ($current_user->id == $i) && ($f > $level) ) { return $f; } # Rights we got via team membership if ( count($current_user->teamlist) > 0 ) { foreach($current_user->teamlist as $i2 => $f2) { if ( ($i == $i2) && ($f > $level) ) { return $f; } } } # Everybody if ( ($i == EVERYBODY) && ($f > $level) ) { return $f; } } return 0; } /** * check show access ( > 0 ) to an object */ Function acl_see_ok(&$obj) { global $tutos; # if no permissions are defined the see is ok if (isset($obj->acl) && (count($obj->acl) > 0) ) { return acl_ok($obj,$tutos[seeok] -1); } else { return $tutos[seeok]; } } /** * check use access to an object */ Function acl_use_ok(&$obj) { global $tutos; # if no permissions are defined the use is ok if (isset($obj->acl) && (count($obj->acl) > 0) ) { return acl_ok($obj,$tutos[useok] -1); } else { return $tutos[useok]; } } /** * check modification access ( > 9 ) to an object */ Function acl_mod_ok(&$obj) { global $tutos; return acl_ok($obj,$tutos[modok] -1); } /** * check deletion access ( > 19 ) to an object */ Function acl_del_ok(&$obj) { global $tutos; return acl_ok($obj,$tutos[delok] -1); } /** * raise the permissions to given level if below */ Function acl_raise(&$obj,$adr_id,$level) { if (! isset ($obj->acl[$adr_id]) || ($obj->acl[$adr_id] < $level) ) { $obj->acl[$adr_id] = $level; } } /** * lower the permissions to given level if above */ Function acl_lower(&$obj,$adr_id,$level) { if (! isset ($obj->acl[$adr_id]) || ($obj->acl[$adr_id] > $level) ) { $obj->acl[$adr_id] = $level; } } /** * lower the permissions to given level if above */ Function acl_set(&$obj,$adr_id,$level) { $obj->acl[$adr_id] = $level; } /** * give a link to change/see acls */ Function acl_link(&$obj,$text = "") { global $tutos,$lang,$current_user; if ( $tutos[useacl] != 1 ) { return; } if ( $obj->gettype() == "user" ) { $id = $obj->uid; } else { $id = $obj->id; } if ( $id == -1 ) { return; } if ( $text == "" ) { $text = "(". $lang['permissions'] .")"; } if ( $current_user->isadmin() || $obj->del_ok() ) { return makelink("acl_new.php?id=". $id ,$text,$lang['ACLmod']); } return makelink("acl_show.php?id=". $id ,$text,$lang['ACLsee']); } /** * parse the permissions form provided by the function permission_form */ function parse_permission_form(&$obj) { global $gotourl; $msg = ""; for ( $i1 = -1 ; $i1 > -100 ; $i1-- ) { $x = "f".$i1; if ( isset($_POST[$x]) ) { $obj->p[(integer)$i1] = 0; foreach($_POST[$x] as $i2 => $f2) { $obj->p[(integer)$i1] = (integer)$obj->p[(integer)$i1] | (integer)$f2; $gotourl= addUrlParameter($gotourl,$x."[]=". UrlEncode($f2),true); } } } return $msg; } /** * HTML form to enter feature permissions */ function permission_form(&$layout,&$user,&$obj) { global $lang,$tutos,$permskip; # skip data table # entries tha are not useful will be skipped $permskip[usemaplink][PERM_NEW] = 1; $permskip[usemaplink][PERM_MOD] = 1; $permskip[usemaplink][PERM_DEL] = 1; $permskip[usemaplink][PERM_SEL] = 1; $permskip[usemaplink][PERM_USE] = 1; $permskip[usefax][PERM_SEE] = 1; $permskip[usefax][PERM_MOD] = 1; $permskip[usefax][PERM_DEL] = 1; $permskip[usefax][PERM_SEL] = 1; $permskip[usefax][PERM_USE] = 1; $permskip[usesms][PERM_NEW] = 1; $permskip[usesms][PERM_MOD] = 1; $permskip[usesms][PERM_DEL] = 1; $permskip[usesms][PERM_SEL] = 1; $permskip[usesms][PERM_USE] = 1; $permskip[useoverlib][PERM_NEW] = 1; $permskip[useoverlib][PERM_MOD] = 1; $permskip[useoverlib][PERM_DEL] = 1; $permskip[useoverlib][PERM_SEL] = 1; $permskip[useoverlib][PERM_USE] = 1; $permskip[usemail][PERM_SEE] = 1; $permskip[usemail][PERM_MOD] = 1; $permskip[usemail][PERM_DEL] = 1; $permskip[usemail][PERM_SEL] = 1; $permskip[usemail][PERM_USE] = 1; $permskip[usehistory][PERM_NEW] = 1; $permskip[usehistory][PERM_MOD] = 1; $permskip[usehistory][PERM_DEL] = 1; $permskip[usehistory][PERM_SEL] = 1; $permskip[usehistory][PERM_USE] = 1; # extend lang perm with the module permissions # read the language files of modules foreach ($tutos[modules] as $r => $x) { loadmodule($r); if (!isset($lang['perm'][$x['perm']]) ) { $lang['perm'][$x['perm']] = $r; } $lang['perm'][$x['perm']] .= " (MODULE)"; } echo "\n"; echo "