From 19fac440ae8cf1a03e491825fb7d33313c451caa Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 4 Feb 2017 22:10:43 -0500 Subject: Add agent class --- app/class/agent.class.php | 54 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 app/class/agent.class.php (limited to 'app/class/agent.class.php') diff --git a/app/class/agent.class.php b/app/class/agent.class.php new file mode 100644 index 0000000..7c3b23c --- /dev/null +++ b/app/class/agent.class.php @@ -0,0 +1,54 @@ +getOwner()->guid == $this->guid; + } + + /* + * Check whether this agent is a member of the given object + */ + public function isMemberOf(object $obj) : bool + { + foreach ($obj->getMembers() as $memb) + { + if ($memb->guid == $this->guid) + return true; + } + + return false; + } +} + +?> -- cgit v1.2.3 From 127a6bba72f699816f227164661e7b451a4e7e76 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 16 Feb 2017 00:18:33 -0500 Subject: Add functions for checking user/group permissions --- app/class/agent.class.php | 282 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 282 insertions(+) (limited to 'app/class/agent.class.php') diff --git a/app/class/agent.class.php b/app/class/agent.class.php index 7c3b23c..52bfc1e 100644 --- a/app/class/agent.class.php +++ b/app/class/agent.class.php 
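Review bot: The identity checks in isOwnerOf() and isMemberOf() compare GUIDs with loose `==` (for example `if ($memb->guid == $this->guid)`), and their results feed authorization decisions. PHP compares two numeric-looking strings numerically under `==`, so if GUIDs can ever be all digits with leading zeros or look like an exponent, two distinct GUIDs could compare equal. The GUID format is not visible here, and `if ($memb->guid === $this->guid)` removes the dependency on it. The same loose comparison reappears in the later hunks that add `$this->guid == $obj->guid` to the can*() functions and in isAssignedTo(). The opening of this new-file hunk is truncated on the page, so the constructor and the start of isOwnerOf() could not be reviewed.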
@@ -49,6 +49,288 @@ abstract class agent extends object return false; } + + /* + * Check whether this agent has access permission for given + * object + */ + public function canAccess(object $obj) : bool + { + if ($this->admin) + return true; + + if ($this->isOwnerOf($obj)) + return true; + + if ($this->isMemberOf($obj)) + return true; + + if ($obj->pubAcc) + return true; + + if ($obj->parent) + { + $parent = new object($obj->parent); + if ($this->canAccessSub($parent)) + return true; + } + else if ($this->owner) + { + $owner = new object($obj->owner); + if ($this->canAccessSub($owner)) + return true; + } + + return false; + } + + /* + * Check whether this agent has modify permission for given + * object + */ + public function canModify(object $obj) : bool + { + if ($this->admin) + return true; + + if ($this->isOwnerOf($obj)) + return true; + + if ($this->isMemberOf($obj) && $obj->membModify) + return true; + + if ($obj->parent) + { + $parent = new object($obj->parent); + if ($this->canModifySub($parent)) + return true; + } + else if ($obj->owner) + { + $owner = new object($obj->owner); + if ($this->canModifySub($owner)) + return true; + } + + return false; + } + + /* + * Check whether this agent has modify members permission for + * given object + */ + public function canModifyMembers(object $obj) : bool + { + if ($this->admin) + return true; + + if ($this->isOwnerOf($obj)) + return true; + + if ($this->isMemberOf($obj) && $obj->membMemb) + return true; + + if ($obj->parent) + { + $parent = new object($obj->parent); + if ($this->canModifySubMembers($parent)) + return true; + } + else if ($obj->owner) + { + $owner = new object($obj->owner); + if ($this->canModifySubMembers($owner)) + return true; + } + + return false; + } + + /* + * Check whether this agent has modify permissions permission + * for given object + */ + public function canModifyPermissions(object $obj) : bool + { + if ($this->admin) + return true; + + if ($this->isOwnerOf($obj)) + return true; + + if 
($obj->parent) + { + $parent = new object($obj->parent); + if ($this->canModifySubPermissions($parent)) + return true; + } + else if ($obj->owner) + { + $owner = new object($obj->owner); + if ($this->canModifySubPermissions($owner)) + return true; + } + + return false; + } + + /* + * Check whether this agent has access-sub permission for + * given object + */ + public function canAccessSub(object $obj) : bool + { + if ($this->admin) + return true; + + if ($this->isOwnerOf($obj)) + return true; + + if ($this->isMemberOf($obj) && $obj->membAccs) + return true; + + if ($obj->pubAccs) + return true; + + if ($obj->parent) + { + $parent = new object($obj->parent); + if ($this->canAccessSub($parent)) + return true; + } + else if ($obj->owner) + { + $owner = new object($obj->owner); + if ($this->canAccessSub($owner)) + return true; + } + + return false; + } + + /* + * Check whether this agent has create-sub permission + * for given object + */ + public function canCreateSub(object $obj) : bool + { + if ($this->admin) + return true; + + if ($this->isOwnerOf($obj)) + return true; + + if ($this->isMemberOf($obj) && $obj->membCres) + return true; + + if ($obj->pubCres) + return true; + + if ($obj->parent) + { + $parent = new object($obj->parent); + if ($this->canCreateSub($parent)) + return true; + } + else if ($obj->owner) + { + $owner = new object($obj->owner); + if ($this->canCreateSub($owner)) + return true; + } + + return false; + } + + /* + * Check whether this agent has modify-sub permission + * for given object + */ + public function canModifySub(object $obj) : bool + { + if ($this->admin) + return true; + + if ($this->isOwnerOf($obj)) + return true; + + if ($this->isMemberOf($obj) && $obj->membModifys) + return true; + + if ($obj->parent) + { + $parent = new object($obj->parent); + if ($this->canModifySub($parent)) + return true; + } + else if ($obj->owner) + { + $owner = new object($obj->owner); + if ($this->canModifySub($owner)) + return true; + } + + return false; 
+ } + + /* + * Check whether this agent has modify-sub-members + * permission for given object + */ + public function canModifySubMembers(object $obj) : bool + { + if ($this->admin) + return true; + + if ($this->isOwnerOf($obj)) + return true; + + if ($this->isMemberOf($obj) && $obj->membMembs) + return true; + + if ($obj->parent) + { + $parent = new object($obj->parent); + if ($this->canModifySubMembers($parent)) + return true; + } + else if ($obj->owner) + { + $owner = new object($obj->owner); + if ($this->canModifySubMembers($owner)) + return true; + } + + return false; + } + + /* + * Check whether this agent has modify-sub-permissions + * permission for given object + */ + public function canModifySubPermissions(object $obj) : bool + { + if ($this->admin) + return true; + + if ($this->isOwnerOf($obj)) + return true; + + if ($obj->parent) + { + $parent = new object($obj->parent); + if ($this->canModifySubPermissions($parent)) + return true; + } + else if ($obj->owner) + { + $owner = new object($obj->owner); + if ($this->canModifySubPermissions($owner)) + return true; + } + + return false; + } } ?> -- cgit v1.2.3 From 173b002d3f9de83f93fc1a0128febcc44410c3d0 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 26 Mar 2017 04:14:58 -0400 Subject: Add function agent::getDisplayName() --- app/class/agent.class.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'app/class/agent.class.php') diff --git a/app/class/agent.class.php b/app/class/agent.class.php index 52bfc1e..038c485 100644 --- a/app/class/agent.class.php +++ b/app/class/agent.class.php 
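Review bot: In canAccess() the owner fallback tests `$this->owner` but then loads `$obj->owner`, unlike the eight sibling functions, which all test `$obj->owner`; the branch should read `else if ($obj->owner)`. The slip is easy to miss because the same admin/owner/member/parent-or-owner ladder is copied nine times, so a single private helper that takes the member and public flags would keep the checks from drifting apart. Each function also recurses up the parent/owner chain with no depth limit or visited set. Whether a cycle can exist depends on how obj rows are written, which is not visible here, but a guard would keep one bad row from turning a permission check into unbounded recursion.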
@@ -50,6 +50,24 @@ abstract class agent extends object return false; } + /* + * Get the display name for this agent. For groups this is the + * object name; for users, this is the object name, unless an + * alias is set. + */ + public function getDisplayName() : string + { + if ($this->objtype != "user") + return $this->name; + + $user = new user($this->guid); + + if ($user->alias != "") + return $user->alias; + + return $user->name; + } + /* * Check whether this agent has access permission for given * object -- cgit v1.2.3 From cc1f573a276bd5f022831f837bb9c1234df56ad9 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 9 Apr 2017 20:08:05 -0400 Subject: Add agent function getPads_ordByOwnByName() --- app/class/agent.class.php | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'app/class/agent.class.php') diff --git a/app/class/agent.class.php b/app/class/agent.class.php index 038c485..a2c8c2e 100644 --- a/app/class/agent.class.php +++ b/app/class/agent.class.php @@ -13,6 +13,7 @@ */ require_once "class/object.class.php"; +require_once "class/pad.class.php"; /* * This is a supertype for users and groups, since these two object types 
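Review bot: getDisplayName() returns `$user->alias` exactly as stored, and the doc comment does not say whether that string is safe to print. If the alias is chosen by the user (not visible in this hunk), every caller has to escape it for its output context; I would add a line to the comment such as `Returned text is raw; escape it at the point of output (e.g. htmlspecialchars() for HTML).` The user branch also builds `new user($this->guid)` although `$this` may already be that user instance, which looks like an extra lookup per call unless the constructor caches.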
@@ -68,6 +69,35 @@ abstract class agent extends object return $user->name; } + /* + * Get all pads this agent owns or is a member of. This isn't + * necessarily all pads this agent has access permission for. + * Results are sorted by ownership, then by name. + */ + public function getPads_ordByOwnByName() : array + { + $pads = array(); + + /* owner */ + $query = "SELECT guid FROM objects WHERE objtype = 'pad' AND " . + "owner = '" . database::esc($this->guid) . "' ORDER BY name"; + $res = database::query($query); + + foreach ($res as $p) + $pads[] = new pad($p['guid']); + + /* members */ + $query = "SELECT o.guid FROM objects o JOIN members m ON " . + "o.guid = m.guid WHERE o.objtype = 'pad' AND " . + "m.member = '" . database::esc($this->guid) . "' ORDER BY o.name"; + $res = database::query($query); + + foreach ($res as $p) + $pads[] = new pad($p['guid']); + + return $pads; + } + /* * Check whether this agent has access permission for given * object -- cgit v1.2.3 From fed99e2d0938b10018c8264632165aad56bc2561 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 6 Jun 2017 12:19:02 -0400 Subject: Move sendEmail() function into agent class Adding this as an abstract function to class agent. Since we will only be sending emails to stored users (and groups) this makes more sense and allows us to remove this function from the global namespace as well. --- app/class/agent.class.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'app/class/agent.class.php') diff --git a/app/class/agent.class.php b/app/class/agent.class.php index a2c8c2e..ed50b93 100644 --- a/app/class/agent.class.php +++ b/app/class/agent.class.php @@ -14,6 +14,9 @@ require_once "class/object.class.php"; require_once "class/pad.class.php"; +require_once "class/settings.class.php"; +require_once "class/phpmailer.class.php"; +require_once "class/smtp.class.php"; /* * This is a supertype for users and groups, since these two object types 
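Review bot: Both queries in getPads_ordByOwnByName() are built by concatenating `database::esc($this->guid)` into quoted SQL text, so their safety rests entirely on esc() matching the connection's quoting and character set. If the database wrapper (not shown here) offers bound parameters, passing the GUID as a parameter would remove that dependency. If it does not, a comment such as `/* guid is escaped for a single-quoted string literal; keep the quotes */` records the invariant for whoever edits the query next. Separately, a pad that the agent both owns and is a member of would be appended twice, because the two result sets are merged without de-duplication.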
@@ -51,6 +54,15 @@ abstract class agent extends object return false; } + /* + * Send an email message to this agent using stored configuration + * parameters. If config is not established, delivery is not + * attempted. Return status. + */ + public abstract function sendEmail(string $subj, string $mesg, + ?string $attachPath = NULL, ?string $attachName = NULL, + bool $ignoreEmailConf = false) : bool; + /* * Get the display name for this agent. For groups this is the * object name; for users, this is the object name, unless an -- cgit v1.2.3 From e54418762e279a1d7ca0efb7ed89b95464753ee8 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 7 Feb 2018 22:33:19 -0500 Subject: Update class files to use renamed obj class --- app/class/agent.class.php | 62 +++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 31 deletions(-) (limited to 'app/class/agent.class.php') diff --git a/app/class/agent.class.php b/app/class/agent.class.php index ed50b93..6d0e20d 100644 --- a/app/class/agent.class.php +++ b/app/class/agent.class.php @@ -12,7 +12,7 @@ * For more information, please refer to UNLICENSE */ -require_once "class/object.class.php"; +require_once "class/obj.class.php"; require_once "class/pad.class.php"; require_once "class/settings.class.php"; require_once "class/phpmailer.class.php"; @@ -22,7 +22,7 @@ require_once "class/smtp.class.php"; * This is a supertype for users and groups, since these two object types * will often be handled polymorphically and will share some functionality. */ -abstract class agent extends object +abstract class agent extends obj { /* * Constructor @@ -35,7 +35,7 @@ abstract class agent extends object /* * Check whether this agent is the owner of the given object */ - public function isOwnerOf(object $obj) : bool + public function isOwnerOf(obj $obj) : bool { return $obj->getOwner()->guid == $this->guid; } 
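Review bot: The doc comment on the abstract sendEmail() leaves `$attachPath`, `$attachName` and `$ignoreEmailConf` undescribed, and two of them carry security weight for implementers. I would extend it to state that `$attachPath` is presumably a server-side file path whose contents are mailed out, so it must never be derived from request input. It should also say exactly which check `$ignoreEmailConf = true` bypasses, since the comment currently promises that delivery is not attempted when config is not established.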
@@ -43,7 +43,7 @@ abstract class agent extends object /* * Check whether this agent is a member of the given object */ - public function isMemberOf(object $obj) : bool + public function isMemberOf(obj $obj) : bool { foreach ($obj->getMembers() as $memb) { @@ -114,7 +114,7 @@ abstract class agent extends object * Check whether this agent has access permission for given * object */ - public function canAccess(object $obj) : bool + public function canAccess(obj $obj) : bool { if ($this->admin) return true; @@ -130,13 +130,13 @@ abstract class agent extends object if ($obj->parent) { - $parent = new object($obj->parent); + $parent = new obj($obj->parent); if ($this->canAccessSub($parent)) return true; } else if ($this->owner) { - $owner = new object($obj->owner); + $owner = new obj($obj->owner); if ($this->canAccessSub($owner)) return true; } @@ -148,7 +148,7 @@ abstract class agent extends object * Check whether this agent has modify permission for given * object */ - public function canModify(object $obj) : bool + public function canModify(obj $obj) : bool { if ($this->admin) return true; @@ -161,13 +161,13 @@ abstract class agent extends object if ($obj->parent) { - $parent = new object($obj->parent); + $parent = new obj($obj->parent); if ($this->canModifySub($parent)) return true; } else if ($obj->owner) { - $owner = new object($obj->owner); + $owner = new obj($obj->owner); if ($this->canModifySub($owner)) return true; } @@ -179,7 +179,7 @@ abstract class agent extends object * Check whether this agent has modify members permission for * given object */ - public function canModifyMembers(object $obj) : bool + public function canModifyMembers(obj $obj) : bool { if ($this->admin) return true; 
@@ -192,13 +192,13 @@ abstract class agent extends object if ($obj->parent) { - $parent = new object($obj->parent); + $parent = new obj($obj->parent); if ($this->canModifySubMembers($parent)) return true; } else if ($obj->owner) { - $owner = new object($obj->owner); + $owner = new obj($obj->owner); if ($this->canModifySubMembers($owner)) return true; } @@ -210,7 +210,7 @@ abstract class agent extends object * Check whether this agent has modify permissions permission * for given object */ - public function canModifyPermissions(object $obj) : bool + public function canModifyPermissions(obj $obj) : bool { if ($this->admin) return true; @@ -220,13 +220,13 @@ abstract class agent extends object if ($obj->parent) { - $parent = new object($obj->parent); + $parent = new obj($obj->parent); if ($this->canModifySubPermissions($parent)) return true; } else if ($obj->owner) { - $owner = new object($obj->owner); + $owner = new obj($obj->owner); if ($this->canModifySubPermissions($owner)) return true; } @@ -238,7 +238,7 @@ abstract class agent extends object * Check whether this agent has access-sub permission for * given object */ - public function canAccessSub(object $obj) : bool + public function canAccessSub(obj $obj) : bool { if ($this->admin) return true; @@ -254,13 +254,13 @@ abstract class agent extends object if ($obj->parent) { - $parent = new object($obj->parent); + $parent = new obj($obj->parent); if ($this->canAccessSub($parent)) return true; } else if ($obj->owner) { - $owner = new object($obj->owner); + $owner = new obj($obj->owner); if ($this->canAccessSub($owner)) return true; } @@ -272,7 +272,7 @@ abstract class agent extends object * Check whether this agent has create-sub permission * for given object */ - public function canCreateSub(object $obj) : bool + public function canCreateSub(obj $obj) : bool { if ($this->admin) return true; 
@@ -288,13 +288,13 @@ abstract class agent extends object if ($obj->parent) { - $parent = new object($obj->parent); + $parent = new obj($obj->parent); if ($this->canCreateSub($parent)) return true; } else if ($obj->owner) { - $owner = new object($obj->owner); + $owner = new obj($obj->owner); if ($this->canCreateSub($owner)) return true; } @@ -306,7 +306,7 @@ abstract class agent extends object * Check whether this agent has modify-sub permission * for given object */ - public function canModifySub(object $obj) : bool + public function canModifySub(obj $obj) : bool { if ($this->admin) return true; @@ -319,13 +319,13 @@ abstract class agent extends object if ($obj->parent) { - $parent = new object($obj->parent); + $parent = new obj($obj->parent); if ($this->canModifySub($parent)) return true; } else if ($obj->owner) { - $owner = new object($obj->owner); + $owner = new obj($obj->owner); if ($this->canModifySub($owner)) return true; } @@ -337,7 +337,7 @@ abstract class agent extends object * Check whether this agent has modify-sub-members * permission for given object */ - public function canModifySubMembers(object $obj) : bool + public function canModifySubMembers(obj $obj) : bool { if ($this->admin) return true; @@ -350,13 +350,13 @@ abstract class agent extends object if ($obj->parent) { - $parent = new object($obj->parent); + $parent = new obj($obj->parent); if ($this->canModifySubMembers($parent)) return true; } else if ($obj->owner) { - $owner = new object($obj->owner); + $owner = new obj($obj->owner); if ($this->canModifySubMembers($owner)) return true; } @@ -368,7 +368,7 @@ abstract class agent extends object * Check whether this agent has modify-sub-permissions * permission for given object */ - public function canModifySubPermissions(object $obj) : bool + public function canModifySubPermissions(obj $obj) : bool { if ($this->admin) return true; 
@@ -378,13 +378,13 @@ abstract class agent extends object if ($obj->parent) { - $parent = new object($obj->parent); + $parent = new obj($obj->parent); if ($this->canModifySubPermissions($parent)) return true; } else if ($obj->owner) { - $owner = new object($obj->owner); + $owner = new obj($obj->owner); if ($this->canModifySubPermissions($owner)) return true; } -- cgit v1.2.3 From 3eaf6f3b990d86069453b1bda4ed377e67ccf571 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 22 Jul 2018 02:25:54 -0400 Subject: Fix bug in function agent::isOwner() If the argument doesn't have an owner, then an access error is thrown when we try to do ->guid. Since there is no owner, just return false. Otherwise, do the comparision as usual. --- app/class/agent.class.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'app/class/agent.class.php') diff --git a/app/class/agent.class.php b/app/class/agent.class.php index 6d0e20d..b4e6702 100644 --- a/app/class/agent.class.php +++ b/app/class/agent.class.php @@ -37,7 +37,10 @@ abstract class agent extends obj */ public function isOwnerOf(obj $obj) : bool { - return $obj->getOwner()->guid == $this->guid; + if (!($own = $obj->getOwner())) + return false; + + return $own->guid == $this->guid; } /* -- cgit v1.2.3 From 6c03cc537c5794a131278583f83477bbd15e0e3e Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 22 Jul 2018 02:43:02 -0400 Subject: Fix bug in agent 'has permission' functions The check that this commit adds to each of these functions enables users with all permissions on themselves. --- app/class/agent.class.php | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'app/class/agent.class.php') diff --git a/app/class/agent.class.php b/app/class/agent.class.php index b4e6702..4af13d5 100644 --- a/app/class/agent.class.php +++ b/app/class/agent.class.php 
@@ -122,6 +122,9 @@ abstract class agent extends obj if ($this->admin) return true; + if ($this->guid == $obj->guid) + return true; + if ($this->isOwnerOf($obj)) return true; @@ -156,6 +159,9 @@ abstract class agent extends obj if ($this->admin) return true; + if ($this->guid == $obj->guid) + return true; + if ($this->isOwnerOf($obj)) return true; @@ -187,6 +193,9 @@ abstract class agent extends obj if ($this->admin) return true; + if ($this->guid == $obj->guid) + return true; + if ($this->isOwnerOf($obj)) return true; @@ -218,6 +227,9 @@ abstract class agent extends obj if ($this->admin) return true; + if ($this->guid == $obj->guid) + return true; + if ($this->isOwnerOf($obj)) return true; @@ -246,6 +258,9 @@ abstract class agent extends obj if ($this->admin) return true; + if ($this->guid == $obj->guid) + return true; + if ($this->isOwnerOf($obj)) return true; @@ -280,6 +295,9 @@ abstract class agent extends obj if ($this->admin) return true; + if ($this->guid == $obj->guid) + return true; + if ($this->isOwnerOf($obj)) return true; @@ -314,6 +332,9 @@ abstract class agent extends obj if ($this->admin) return true; + if ($this->guid == $obj->guid) + return true; + if ($this->isOwnerOf($obj)) return true; @@ -345,6 +366,9 @@ abstract class agent extends obj if ($this->admin) return true; + if ($this->guid == $obj->guid) + return true; + if ($this->isOwnerOf($obj)) return true; @@ -376,6 +400,9 @@ abstract class agent extends obj if ($this->admin) return true; + if ($this->guid == $obj->guid) + return true; + if ($this->isOwnerOf($obj)) return true; -- cgit v1.2.3 From 11f83706e5774b417f6d8a52786e925bec88fc43 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 12 Sep 2018 02:53:53 -0400 Subject: Add function agent::getAgentObj() This is basically a constructor for agent. The actual type returned is a contrete agent. --- app/class/agent.class.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'app/class/agent.class.php') 
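Review bot: The new `$this->guid == $obj->guid` shortcut is added to all nine can*() functions, including canModifyPermissions() and canModifyMembers(), so an agent now passes every permission check on its own record. It is worth confirming that no caller uses canModify() or canModifyPermissions() to gate edits of fields such as `admin` on a user object, since that would let a user raise their own privileges; the callers are not visible here. If self-access is only needed for profile-style edits, limiting the shortcut to canAccess() and canModify() would be the narrower change. A comment above the check, e.g. `/* an agent always has rights on its own record */`, would also make the intent explicit in each function.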
diff --git a/app/class/agent.class.php b/app/class/agent.class.php index 4af13d5..63a21ed 100644 --- a/app/class/agent.class.php +++ b/app/class/agent.class.php @@ -32,6 +32,23 @@ abstract class agent extends obj parent::__construct($guid); } + /* + * Since this class is abstract, this function is provided as a + * means of constructing the appropriate agent object based on + * a GUID. + */ + public static function getAgentObj(string $guid) : agent + { + try + { + return new user($guid); + } + catch (Exception $e) + { + return new group($guid); + } + } + /* * Check whether this agent is the owner of the given object */ -- cgit v1.2.3 From fbb9bcb787287597a0666b9313a4754ed03d242b Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Mon, 24 Sep 2018 12:55:21 -0400 Subject: agent: Fix bug in function canAccess() This is probabally more of an oops than a bug, although was causing unexpected behavior. When falling back to checking whether the agent has access to the object's owner, it was wrongly accessing through $this->owner, rather than $obj->owner (which is the function argument). This was probabally left over from how this function _used_ to be implemented (you would call on the object and pass in the user). --- app/class/agent.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/class/agent.class.php') diff --git a/app/class/agent.class.php b/app/class/agent.class.php index 63a21ed..c8e6436 100644 --- a/app/class/agent.class.php +++ b/app/class/agent.class.php @@ -157,7 +157,7 @@ abstract class agent extends obj if ($this->canAccessSub($parent)) return true; } - else if ($this->owner) + else if ($obj->owner) { $owner = new obj($obj->owner); if ($this->canAccessSub($owner)) -- cgit v1.2.3 From c2d42ce0239c8da0cb9acea922f6dea183196225 Mon Sep 17 00:00:00 2001 
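Review bot: getAgentObj() treats any `Exception` from `new user($guid)` as "this GUID is a group", so a failed lookup (for example a database error) is indistinguishable from a GUID that is simply not a user. Catching only the exception type that the user constructor throws for a missing or mismatched record, which is not visible in this hunk, would keep unrelated failures from being retried as a group. The doc comment should also state that any exception from `new group($guid)` propagates to the caller when the GUID is neither a user nor a group.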
From: Malf Furious Date: Sun, 21 Oct 2018 23:07:10 -0400 Subject: agent: Add function isAssignedTo() --- app/class/agent.class.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'app/class/agent.class.php') diff --git a/app/class/agent.class.php b/app/class/agent.class.php index c8e6436..4c75f0b 100644 --- a/app/class/agent.class.php +++ b/app/class/agent.class.php @@ -74,6 +74,21 @@ abstract class agent extends obj return false; } + /* + * Check whether this agent is assigned to the given issue + */ + public function isAssignedTo(issue $issue) : bool + { + foreach ($issue->getAssignees() as $assign) + { + if ($assign->assignee->guid == $this->guid + && $assign->dismissed == "") + return true; + } + + return false; + } + /* * Send an email message to this agent using stored configuration * parameters. If config is not established, delivery is not -- cgit v1.2.3
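Review bot: isAssignedTo() dereferences `$assign->assignee->guid` without checking that an assignee object is present, the same pattern that the earlier isOwnerOf() fix had to guard for a missing owner. Whether an assignment can outlive its assignee is not visible here; if it can, `if (!$assign->assignee) continue;` at the top of the loop avoids the access error. The `$assign->dismissed == ""` test is also loose, so a `null` value counts as not dismissed; a short comment stating which values mean "active" would help. The hunk's trailing context is cut inside the sendEmail() comment.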