From: <vb...@us...> - 2002-09-18 06:55:07
Update of /cvsroot/webnotes/webnotes/core
In directory usw-pr-cvs1:/tmp/cvs-serv18631/core
Modified Files:
access_api.php config_defaults_inc.php constants_inc.php
Log Message:
Started working on the access levels infrastructure
Index: access_api.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/access_api.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- access_api.php 16 Sep 2002 13:27:20 -0000 1.5
+++ access_api.php 18 Sep 2002 06:55:02 -0000 1.6
@@ -9,6 +9,17 @@
 # --------------------------------------------------------
 # --------------------
+ # function to be called when a user is attempting to access a page that
+ # he/she is not authorised to. This outputs an access denied message then
+ # re-directs to the mainpage.
+ function access_denied( $p_url = null ) {
+ echo '<div class="error">';
+ echo 'Access Denied';
+ # print_bracket_link( $p_url, lang_get( 'proceed' ) );
+ print '</div>';
+ exit;
+ }
+ # --------------------
 # Check to see that the unique identifier is really unique
 function check_cookie_string_duplicate( $p_cookie_string ) {
 global $g_phpWN_user_table;
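Review bot: The header comment on `access_denied` says the function "re-directs to the mainpage", but the body only prints the message and calls `exit`; the only link-producing line, `print_bracket_link( $p_url, ... )`, is commented out. Until that is wired up the comment should match the code, e.g. `# Prints an access-denied message and terminates the request; no redirect is performed yet.` The response also leaves with the default 200 status, so in access logs and status-based monitoring a denied request is indistinguishable from a successful page; emitting `header( 'HTTP/1.0 403 Forbidden' );` before the first `echo` fixes that (it must precede any output). If the `print_bracket_link` line is later enabled, `$p_url` presumably arrives from the caller and should be escaped for its HTML context at that point.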
@@ -136,4 +147,46 @@
 }
 }
 ### --------------------
+ # Make sure that the specified action can be done by the logged-in user
+ # true: allowed
+ # false: not allowed
+ # if for this action a threshold is defined, it will be used.
+ # if the threshold is set to NOBODY, the specified set of user types will be used.
+ # if action is unknown, then it will return false
+ function access_check_action( $p_action ) {
+ global $g_string_cookie_val, $g_access_levels, $g_access_sets;
+
+ if ( !isset( $g_access_levels[$p_action] ) ) {
+ return false;
+ }
+
+ if ( empty( $g_string_cookie_val ) ) {
+ $t_access_level = ANONYMOUS;
+ } else {
+ $t_user = user_get_info( user_where_current() );
+ if ( false === $t_user ) {
+ return false;
+ }
+
+ $t_access_level = $t_user['access_level'];
+ }
+
+ if ( NOBODY !== $g_access_levels[$p_action] ) {
+ return ( $t_access_level >= $g_access_levels[$p_action] );
+ }
+
+ if ( !isset( $g_access_sets[$p_action] ) ) {
+ return false;
+ }
+
+ return ( in_array( $t_access_level, $g_access_sets[$p_action] ) );
+ }
+ ### --------------------
+ function access_ensure_check_action( $p_action, $p_url = null ) {
+ if ( access_check_action( $p_action ) ) {
+ return;
+ }
+
+ access_denied( $p_url );
+ }
 ?>
Index: config_defaults_inc.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/config_defaults_inc.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- config_defaults_inc.php 17 Sep 2002 22:18:24 -0000 1.1
+++ config_defaults_inc.php 18 Sep 2002 06:55:03 -0000 1.2
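Review bot: `access_ensure_check_action` only stops the page because `access_denied()` happens to end with `exit`; nothing in this function guarantees that, so a later change to `access_denied` (say, a real redirect that returns) would let the protected code after the call run for a denied user. A comment on the call, `# access_denied() never returns (it calls exit); every caller relies on that`, plus a line in the `access_check_action` header saying that an unknown action, an unreadable user record and a missing access set all yield false (fail closed), would make the contract explicit. In `access_check_action` the level taken from `$t_user['access_level']` is used as-is in both the `>=` threshold test and the `in_array` set test; normalising it once with `$t_access_level = (int) $t_user['access_level'];` keeps both comparisons numeric regardless of the type the storage layer returns, and a missing or empty field then reads as 0 rather than null.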
@@ -125,9 +125,42 @@
 # AUTH_MD5, AUTH_CRYPT, AUTH_PLAIN
 $g_auth_type = AUTH_PLAIN;
-
+
 # allow users to signup for their own accounts
 $g_allow_signup = ON;
+
+ # Access Levels
+ # any user with an access level that is greater than or equal to the specified
+ # threshold, will be able to perform the action. If an action is to be disabled
+ # for all access levels (including administrator) or to be only allowed for a
+ # specified set of access levels ($g_access_sets), then it should be set to
+ # NOBODY.
+ $g_access_levels = array(
+ ACTION_NOTES_VIEW => ANONYMOUS,
+ ACTION_NOTES_SUBMIT => ANONYMOUS,
+ ACTION_NOTES_EDIT => MODERATOR,
+ ACTION_NOTES_EDIT_OWN => REGISTERED,
+ ACTION_NOTES_DELETE_OWN => REGISTERED,
+ ACTION_NOTES_ACCEPT => MODERATOR,
+ ACTION_NOTES_ARCHIVE => MODERATOR,
+ ACTION_USER_ADD => ADMINISTRATOR,
+ ACTION_USER_EDIT => ADMINISTRATOR,
+ ACTION_USER_DELETE => ADMINISTRATOR );
+
+ # This array specified for each action, the user types that can perform it.
+ # This is more flexible than specifying a threshold. This is only used when
+ # the threshold is set to NOBODY for the specified action.
+ $g_access_sets = array(
+ ACTION_NOTES_VIEW => array(),
+ ACTION_NOTES_SUBMIT => array(),
+ ACTION_NOTES_EDIT => array(),
+ ACTION_NOTES_EDIT_OWN => array(),
+ ACTION_NOTES_DELETE_OWN => array(),
+ ACTION_NOTES_ACCEPT => array(),
+ ACTION_NOTES_ARCHIVE => array(),
+ ACTION_USER_ADD => array(),
+ ACTION_USER_EDIT => array(),
+ ACTION_USER_DELETE => array() );
 ###################
 # EMAIL SETTINGS
Index: constants_inc.php
===================================================================
RCS file: /cvsroot/webnotes/webnotes/core/constants_inc.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- constants_inc.php 15 Sep 2002 04:03:52 -0000 1.4
+++ constants_inc.php 18 Sep 2002 06:55:03 -0000 1.5
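Review bot: The `ACTION_NOTES_EDIT_OWN` and `ACTION_NOTES_DELETE_OWN` thresholds express only a minimum level (REGISTERED); `access_check_action` receives just the action, so nothing in this infrastructure ties the decision to who owns the note. A comment beside those two entries, `# level check only - the caller must still verify the note belongs to the current user`, would stop a future page from treating a true result as complete authorisation. The `$g_access_sets` comment also reads "This array specified for each action" ("specifies"), and since `access_check_action` returns false when an action's key is absent from `$g_access_sets`, the ten empty `array()` entries behave exactly like omitting them, which the comment could say so that administrators know an empty set means "nobody".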
@@ -21,6 +21,7 @@
 define( 'AUTH_MD5', 2 );
 # User Levels
+ define( 'NOBODY', 100 ); # to disable an action completely (no user has access level 100)
 define( 'ADMINISTRATOR', 90 );
 define( 'MODERATOR', 70 );
 define( 'REGISTERED', 40 );
@@ -36,6 +37,6 @@
 define( 'ACTION_NOTES_ACCEPT', 7 );
 define( 'ACTION_NOTES_ARCHIVE', 8 );
 define( 'ACTION_USER_ADD', 51 );
- define( 'ACTION_USER_MODIFY', 52 );
+ define( 'ACTION_USER_EDIT', 52 );
 define( 'ACTION_USER_DELETE', 53 );
 ?>
|
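Review bot: The comment on `NOBODY` asserts that no user has access level 100, but that invariant can only be enforced wherever user records are written, not by this define; `access_check_action` compares the stored level with `>=` against every non-NOBODY threshold, so a stored level at or above 100 would satisfy all of them. I'd record the constraint on the User Levels block, e.g. `# user levels must stay below NOBODY (100): NOBODY is a threshold sentinel, never a stored level`. The `ACTION_USER_MODIFY` to `ACTION_USER_EDIT` rename in the second hunk appears to fail closed for any caller still using the old name only because an undefined constant will not match a key in `$g_access_levels`; those callers are not in this diff, so that is inferred rather than verified.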