summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--app/class/object.class.php313
1 files changed, 313 insertions, 0 deletions
diff --git a/app/class/object.class.php b/app/class/object.class.php
index 8a4b956..a409fa9 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -280,6 +280,319 @@ abstract class Object extends Framework
return $members;
}
+
+ /*
+ * Check if given user (or group) is the owner if this object
+ */
+ function isOwner($ug)
+ {
+ return $this->getOwner()->guid == $ug->guid;
+ }
+
+ /*
+ * Check if given user (or group) is a member of this object
+ */
+ function isMember($ug)
+ {
+ foreach ($this->getMembers() as $member)
+ {
+ if ($member->guid == $ug->guid)
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canAccess($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user))
+ return true;
+
+ if ($this->perms & 0x004) // accessible by public
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canAccessSub($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canAccessSub($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModify($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x100)
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySub($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySub($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModifyMembers($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x080)
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySubMembers($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySubMembers($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModifyPermissions($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySubPermissions($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySubPermissions($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canAccessSub($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x040)
+ return true;
+
+ if ($this->perms & 0x002) // accessible by public
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canAccessSub($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canAccessSub($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canCreateSub($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x020)
+ return true;
+
+ if ($this->perms & 0x001) // accessible by public
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canCreateSub($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canCreateSub($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModifySub($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x010)
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySub($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySub($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModifySubMembers($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x008)
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySubMembers($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySubMembers($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModifySubPermissions($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySubPermissions($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySubPermissions($user))
+ return true;
+ }
+
+ return false;
+ }
}
/*
cgit-1.2.3-r5 | srcnode v0.4.0