[Cs-webapplibs-commits] SF.net SVN: cs-webapplibs:[168] trunk/0.3
From: <cra...@us...> - 2010-06-15 02:16:18
Revision: 168 http://cs-webapplibs.svn.sourceforge.net/cs-webapplibs/?rev=168&view=rev Author: crazedsanity Date: 2010-06-15 02:16:11 +0000 (Tue, 15 Jun 2010) Log Message: ----------- The beginnings of a generic permissions system. Added Paths: ----------- trunk/0.3/abstract/cs_genericGroup.abstract.class.php trunk/0.3/abstract/cs_genericPermission.abstract.class.php trunk/0.3/abstract/cs_genericPermissionGroup.abstract.class.php trunk/0.3/docs/example_genericPermission.php trunk/0.3/setup/genericPermissions.pgsql.sql
Copied: trunk/0.3/abstract/cs_genericGroup.abstract.class.php (from rev 162, trunk/0.3/abstract/cs_gdlAttrib.abstract.class.php)
===================================================================
--- trunk/0.3/abstract/cs_genericGroup.abstract.class.php (rev 0)
+++ trunk/0.3/abstract/cs_genericGroup.abstract.class.php 2010-06-15 02:16:11 UTC (rev 168)
@@ -0,0 +1,96 @@
+<?php
+
+/*
+ * Created on June 03, 2010
+ *
+ * FILE INFORMATION:
+ *
+ * $HeadURL$
+ * $Id$
+ * $LastChangedDate$
+ * $LastChangedBy$
+ * $LastChangedRevision$
+ */
+
+abstract class cs_genericGroupAbstract extends cs_genericPermissionAbstract {
+
+ /** Table name used to store groups. */
+ const groupTable = "cswal_group_table";
+
+ /** Sequence for groups table. */
+ const groupSeq = "cswal_group_table_group_id_seq";
+
+ //============================================================================
+ public abstract function __construct(cs_phpDB $db) {
+ parent::__construct($db);
+ }//end __construct()
+ //============================================================================
+
+
+
+ //============================================================================
+ protected function clean_group_name($groupName) {
+ try {
+ $retval = $this->clean_permission_name($groupName);
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: failed to clean group name (". $groupName .")");
+ }
+ return($retval);
+ }//end clean_group_name()
+ //============================================================================
+
+
+
+ //============================================================================
+ public function create_group($groupName) {
+ try {
+ $groupName = $this->clean_group_name($groupName);
+ $sql = "INSERT INTO ". self::groupTable ." (group_name) VALUES ('". $groupName ."')";
+ $newId = $this->db->run_insert($sql, self::groupSeq);
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: failed to create group (". $groupName ."), DETAILS::: ". $e->getMessage());
+ }
+ return($newId);
+ }//end create_group()
+ //============================================================================
+
+
+
+ //============================================================================
+ public function get_group($groupName) {
+ try {
+ $groupName = $this->clean_group_name($groupName);
+ $sql = "SELECT * FROM ". self::groupTable ." WHERE group_name='". $groupName ."'";
+ $retval = $this->db->run_query($sql);
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: failed to locate group (". $groupName ."), DETAILS::: ". $e->getMessage());
+ }
+ return($retval);
+ }//end get_group()
+ //============================================================================
+
+
+
+ //============================================================================
+ public function get_group_by_id($groupId) {
+ try {
+ if(!is_null($groupId) && is_numeric($groupId)) {
+ $sql = "SELECT * FROM ". self::groupTable ." WHERE group_id='". $groupId ."'";
+ $retval = $this->db->run_query($sql);
+ }
+ else {
+ throw new exception(__METHOD__ .":: invalid group ID (". $groupId .")");
+ }
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: failed to locate group ID (". $groupId ."), DETAILS::: ". $e->getMessage());
+ }
+ return($retval);
+ }//end get_group_by_id()
+ //============================================================================
+
+}
+?>
Copied: trunk/0.3/abstract/cs_genericPermission.abstract.class.php (from rev 162, trunk/0.3/abstract/cs_gdlAttrib.abstract.class.php)
===================================================================
--- trunk/0.3/abstract/cs_genericPermission.abstract.class.php (rev 0)
+++ trunk/0.3/abstract/cs_genericPermission.abstract.class.php 2010-06-15 02:16:11 UTC (rev 168)
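Review bot: `public abstract function __construct(cs_phpDB $db) {` gives an abstract method a body, which PHP rejects when the file is compiled, so cs_genericGroupAbstract cannot be loaded as written; the same declaration is in cs_genericPermission.abstract.class.php and cs_genericPermissionGroup.abstract.class.php, and in all three it should read `public function __construct(cs_phpDB $db) {`. create_group() and get_group() also splice `$groupName` straight into the SQL string, so quoting safety rests entirely on what clean_permission_name() hands back, and the behaviour of cleanString(..., 'email') is not visible in this commit; if cs_phpDB has a bound-parameter call, use it here, otherwise state the sanitiser's guarantee in a comment above each query. In get_group_by_id(), `is_numeric()` also accepts values such as `1.5` or `1e3`, so `ctype_digit((string)$groupId)` is the tighter guard for an integer key.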
@@ -0,0 +1,122 @@
+<?php
+/*
+ * Created on June 03, 2010
+ *
+ * FILE INFORMATION:
+ *
+ * $HeadURL$
+ * $Id$
+ * $LastChangedDate$
+ * $LastChangedBy$
+ * $LastChangedRevision$
+ */
+
+abstract class cs_genericPermissionAbstract extends cs_webapplibsAbstract {
+
+ /** Database object. */
+ public $db;
+
+ /** cs_globalFunctions object, for cleaning strings & such. */
+ public $gfObj;
+
+ /** Table name used to store permissions. */
+ const permTable = "cswal_permission_table";
+
+ /** Sequence for permissions table. */
+ const permSeq = "cswal_permission_table_permission_id";
+
+ //============================================================================
+ public abstract function __construct(cs_phpDB $db) {
+ $this->db = $db;
+ $this->gfObj = new cs_globalFunctions;
+ }//end __construct()
+ //============================================================================
+
+
+
+ //============================================================================
+ protected function clean_permission_name($name) {
+ if(!is_null($name) && is_string($name) && strlen($name)) {
+ $name = $this->gfObj->cleanString(strtolower($name), 'email');
+ }
+ else {
+ throw new exception(__METHOD__ .":: invalid string (". $name .")");
+ }
+ }//end clean_permission_name()
+ //============================================================================
+
+
+
+ //============================================================================
+ public function create_permission($name) {
+ try{
+ $name = $this->clean_permission_name($name);
+ $sql = "INSERT INTO ". self::permTable ." (permission_name) VALUES ('". $name ."')";
+ $newId = $this->db->run_insert($sql, self::permSeq);
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: failed to create new record, DETAILS::: ". $e->getMessage());
+ }
+
+ return($newId);
+ }//end create_permission()
+ //============================================================================
+
+
+
+ //============================================================================
+ public function get_permission($name) {
+ try {
+ $name = $this->clean_permission_name($name);
+ $sql = "SELECT * FROM ". self::permTable ." WHERE permission_name='". $name ."'";
+ $retval = $this->db->run_query($sql);
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: error while locating permission '". $name ."', DETAILS::: ". $e->getMessage());
+ }
+
+ return($retval);
+ }//end get_permission()
+ //============================================================================
+
+
+
+ //============================================================================
+ public function get_permission_by_id($permId) {
+ try {
+ if(!is_null($permId) && is_numeric($permId)) {
+ $sql = "SELECT * FROM ". self::permTable ." WHERE permission_id='". $permId ."'";
+ $retval = $this->db->run_query($sql);
+ }
+ else {
+ throw new exception(__METHOD__ .":: invalid permission ID (". $permId .")");
+ }
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: error while locating permission '". $permId ."', DETAILS::: ". $e->getMessage());
+ }
+
+ return($retval);
+ }//end get_permission_by_id()
+ //============================================================================
+
+
+
+ //============================================================================
+ /**
+ * Build the schema for permissions.
+ */
+ private function build_schema() {
+ try {
+ $result = $this->db->run_sql_file(dirname(__FILE__) .'/../setup/genericPermissions.pgsql.sql');
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: failed to create schema, DETAILS::: ". $e->getMessage());
+ }
+ if($result !== true) {
+ throw new exception(__METHOD__ .":: failed to create schema (no details)");
+ }
+ }//end build_schema()
+ //============================================================================
+}
+?>
Copied: trunk/0.3/abstract/cs_genericPermissionGroup.abstract.class.php (from rev 162, trunk/0.3/abstract/cs_gdlAttrib.abstract.class.php)
===================================================================
--- trunk/0.3/abstract/cs_genericPermissionGroup.abstract.class.php (rev 0)
+++ trunk/0.3/abstract/cs_genericPermissionGroup.abstract.class.php 2010-06-15 02:16:11 UTC (rev 168)
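Review bot: clean_permission_name() assigns the cleaned value to `$name` but never returns it, so every caller receives null; add `return($name);` as the last statement before `}//end clean_permission_name()`. As written, create_permission() and get_permission() (and clean_group_name() in the group classes) build their SQL with an empty name, so all lookups would collapse onto `permission_name=''` and a second insert would be expected to fail on the UNIQUE column in the schema. `permSeq` is set to `cswal_permission_table_permission_id`, while PostgreSQL names the sequence behind a `serial` column `<table>_<column>_seq`, so it presumably needs the `_seq` suffix that `groupSeq` already has. The invalid-input branch also echoes the raw `$name` into the exception message; a comment that these messages must be escaped before display would help whoever renders them.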
@@ -0,0 +1,96 @@
+<?php
+
+/*
+ * Created on June 14, 2010
+ *
+ * FILE INFORMATION:
+ *
+ * $HeadURL$
+ * $Id$
+ * $LastChangedDate$
+ * $LastChangedBy$
+ * $LastChangedRevision$
+ */
+
+abstract class cs_genericPermissionGroupAbstract extends cs_genericGroupAbstract {
+
+ /** Table name used to store permission groups. */
+ const permGroupTable = "cswal_permission_group_table";
+
+ /** Sequence for permission_group table. */
+ const groupSeq = "cswal_permission_group_table_permission_group_id_seq";
+
+ //============================================================================
+ public abstract function __construct(cs_phpDB $db) {
+ parent::__construct($db);
+ }//end __construct()
+ //============================================================================
+
+
+
+ //============================================================================
+ protected function clean_perm_group_name($permGroupName) {
+ try {
+ $retval = $this->clean_group_name($permGroupName);
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: failed to clean group name (". $groupName .")");
+ }
+ return($retval);
+ }//end clean_perm_group_name()
+ //============================================================================
+
+
+
+ //============================================================================
+ public function create_group($groupName) {
+ try {
+ $groupName = $this->clean_group_name($groupName);
+ $sql = "INSERT INTO ". self::groupTable ." (group_name) VALUES ('". $groupName ."')";
+ $newId = $this->db->run_insert($sql, self::groupSeq);
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: failed to create group (". $groupName ."), DETAILS::: ". $e->getMessage());
+ }
+ return($newId);
+ }//end create_group()
+ //============================================================================
+
+
+
+ //============================================================================
+ public function get_group($groupName) {
+ try {
+ $groupName = $this->clean_group_name($groupName);
+ $sql = "SELECT * FROM ". self::groupTable ." WHERE group_name='". $groupName ."'";
+ $retval = $this->db->run_query($sql);
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: failed to locate group (". $groupName ."), DETAILS::: ". $e->getMessage());
+ }
+ return($retval);
+ }//end get_group()
+ //============================================================================
+
+
+
+ //============================================================================
+ public function get_group_by_id($groupId) {
+ try {
+ if(!is_null($groupId) && is_numeric($groupId)) {
+ $sql = "SELECT * FROM ". self::groupTable ." WHERE group_id='". $groupId ."'";
+ $retval = $this->db->run_query($sql);
+ }
+ else {
+ throw new exception(__METHOD__ .":: invalid group ID (". $groupId .")");
+ }
+ }
+ catch(Exception $e) {
+ throw new exception(__METHOD__ .":: failed to locate group ID (". $groupId ."), DETAILS::: ". $e->getMessage());
+ }
+ return($retval);
+ }//end get_group_by_id()
+ //============================================================================
+
+}
+?>
Added: trunk/0.3/docs/example_genericPermission.php
===================================================================
--- trunk/0.3/docs/example_genericPermission.php (rev 0)
+++ trunk/0.3/docs/example_genericPermission.php 2010-06-15 02:16:11 UTC (rev 168)
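Review bot: This class overrides `groupSeq` with the permission-group sequence, but its create_group() still inserts into `self::groupTable`, which resolves to the inherited `cswal_group_table`, while `permGroupTable` is declared and never used; the insert and the sequence passed to run_insert() therefore refer to different tables. create_group(), get_group() and get_group_by_id() are line-for-line copies of the parent's methods, so either drop them or point them at `self::permGroupTable` with that table's columns (`permission_id`, `group_id`, `allowed`). In the catch block of clean_perm_group_name() the message uses `$groupName`, which is undefined in that scope; it should be `$permGroupName`. Because this class will back authorization decisions, each method should carry a short docblock naming the table and key it reads.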
@@ -0,0 +1,53 @@
+<?php
+
+//instantiate the permission object with a database & the proper UID.
+$permObj = new cs_genericUserPermission($page->db, $_SESSION['uid']);
+
+
+//Creating Permissions/Groups
+{
+ //create a group.
+ $permObj->create_group("blogs");
+
+ //define default permissions for the group.
+ //NOTE::: the "false" entries can be technically excluded, as the default is false.
+ $perms = array(
+ 'view' => true,
+ 'create' => true,
+ 'edit' => true,
+ 'set_timestamp' => true,
+ 'update_timestamp' => false,
+ 'delete_entry' => false,
+ 'set_draft' => true,
+ 'update_to_draft' => false
+ );
+ $permObj->set_group_perms("blogs", $perms);
+
+ //set specific permissions for a user.
+ //NOTE::: if the group or permission doesn't exist, this will throw an exception.
+ $permObj->set_user_perm("blogs", "update_timestamp");
+}
+
+
+//Checking Permissions/Groups
+{
+ //get a list of permissions...
+ $perms = $permObj->get_user_permissions();
+
+ //check if the user is part of a group... in this case, the "blogs" group.
+ $isGroupMember = $permObj->check_group_membership("blogs");
+
+ //Pull all available permissions for a group... again, the "blogs" group.
+ $allBlogsPerms = $permObj->get_group_perms("blogs");
+
+ //check permissions for a specific "group" (or "object")... in this case, "can the user create a blog?"
+ $hasPermission = $permObj->check_permission("blogs", "create");
+
+
+ //a more advanced check, involving membership in multiple cascading groups (unimplemented)... "can the user administratively view blogs?"
+ //NOTE::: the code in this method would have to allow an unlimited number of arguments (minimum 2), where the last one is the permission name.
+ #$permObj->check_cascading_permission("admin", "blogs", "view");
+}
+
+
+?>
Property changes on: trunk/0.3/docs/example_genericPermission.php ___________________________________________________________________ Added: svn:mime-type + text/plain
Added: trunk/0.3/setup/genericPermissions.pgsql.sql
===================================================================
--- trunk/0.3/setup/genericPermissions.pgsql.sql (rev 0)
+++ trunk/0.3/setup/genericPermissions.pgsql.sql 2010-06-15 02:16:11 UTC (rev 168)
@@ -0,0 +1,58 @@
+
+--
+-- Permission table
+-- Specific permissions: these are words used by the code to determine if the user has the appropriate permission.
+--
+CREATE TABLE cswal_permission_table (
+ permission_id serial NOT NULL PRIMARY KEY,
+ permission_name text NOT NULL UNIQUE
+);
+
+
+--
+-- Group table
+-- Enumerates a list of permissions for a specific group: i.e. for "blog", this could list "create", "edit", and "delete" (among others).
+--
+CREATE TABLE cswal_group_table (
+ group_id serial NOT NULL PRIMARY KEY,
+ group_name text NOT NULL UNIQUE
+);
+
+--
+-- Permission + Group table
+-- Enumerates permissions for a given group: any permissions not specifically entered are denied.
+--
+CREATE TABLE cswal_permission_group_table (
+ permission_group_id serial NOT NULL PRIMARY KEY,
+ permission_id integer NOT NULL REFERENCES cswal_permission_table(permission_id),
+ group_id integer NOT NULL REFERENCES cswal_group_table(group_id),
+ allowed boolean NOT NULL DEFAULT false,
+ description text
+);
+
+--
+-- User + Group table
+-- Assigns a user to one or more groups.
+-- NOTE::: the "user_id" column should be (manually) foreign-keyed to an existing user table.
+--
+CREATE TABLE cswal_user_group_table (
+ user_group_id serial NOT NULL PRIMARY KEY,
+ user_id integer NOT NULL,
+ group_id integer NOT NULL REFERENCES cswal_group_table(group_id)
+);
+
+
+--
+-- User + Permission table
+-- Give users specific permissions, overriding default and/or assigned group permissions.
+--
+CREATE TABLE cswal_user_permission_table (
+ user_permission_id serial NOT NULL PRIMARY KEY,
+ user_id integer NOT NULL,
+ group_id integer NOT NULL REFERENCES cswal_group_table(group_id),
+ permission_id integer NOT NULL REFERENCES cswal_permission_table(permission_id),
+ allowed boolean NOT NULL DEFAULT false
+);
+
+
+
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
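Review bot: None of the three join tables constrains its natural key, so cswal_permission_group_table can hold two rows for the same (permission_id, group_id) with opposite `allowed` values, and the outcome of a permission check would then depend on which row the query happens to return. Add `UNIQUE (permission_id, group_id)` to cswal_permission_group_table, `UNIQUE (user_id, group_id)` to cswal_user_group_table and `UNIQUE (user_id, group_id, permission_id)` to cswal_user_permission_table. The NOTE on cswal_user_group_table about manually foreign-keying `user_id` applies equally to cswal_user_permission_table, which carries no such comment; without that key, grants for deleted users stay in the table and would apply again if a user ID is ever reused.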