From 9a0b71712bf79c22bb2b4c3f3afb2d34c38214c0 Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Wed, 1 Jun 2016 21:59:02 -0400
Subject: Add function Group::createNewGroup()
This function will initialize a new group object and write it to the database, with a given group name and owner user.
---
 app/class/object.class.php | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'app/class/object.class.php')
diff --git a/app/class/object.class.php b/app/class/object.class.php
index b73a54d..42c9355 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -21,6 +21,8 @@ require_once "class/framework.class.php";
 */
 abstract class Object extends Framework
 {
+ var $DEFAULT_OBJECT_PERMISSIONS = 120;
+
 /*
 * Constructor
 */
-- cgit v1.2.3
From d70f5ac0ddc976fff9a526996dca8ea6e69d9a16 Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Wed, 8 Jun 2016 23:23:04 -0400
Subject: Add function Object::getMembers()
Added object function to get an array of all its members. These will always be user objects, so this is always a safe function to call.
---
 app/class/object.class.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'app/class/object.class.php')
diff --git a/app/class/object.class.php b/app/class/object.class.php
index 42c9355..a64bdfb 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -252,6 +252,22 @@ abstract class Object extends Framework
 {
 return hash("sha256", openssl_random_pseudo_bytes(64));
 }
+
+ /*
+ * Get an array of all members of this object
+ */
+ function getMembers()
+ {
+ $query = "SELECT member FROM obj_member WHERE guid = '" . $this->db->esc($this->guid) . "'";
+ $result = $this->db->query($query);
+
+ $members = array();
+
+ foreach ($result as $m)
+ $members[] = new User($m['member']);
+
+ return $members;
+ }
 }
 /*
-- cgit v1.2.3
From 3f58919204a6d21111b6ff00ccec1e2a9dfac040 Mon Sep 17 00:00:00 2001
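Review bot: `$DEFAULT_OBJECT_PERMISSIONS = 120` is written in decimal with no comment, so nothing at the declaration tells a reader which access bits every new object receives by default. The permission checks added later in this series test `perms` against hex masks (0x001 through 0x100); 120 is 0x078, which would correspond to the four member sub-object bits 0x040, 0x020, 0x010 and 0x008 and no public bits, if those masks are the intended layout. Writing the literal as `0x078` and adding `// members may access, create and modify sub-objects and modify sub-object members; no public access` would make the default auditable. Declaring it with `var` also leaves it a writable public property on every instance; a class constant would fit a fixed default better, though that changes how callers reference it.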
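Review bot: In getMembers() the value returned by `$this->db->query($query)` goes straight into `foreach` with no check, so a failed query would be indistinguishable from an object that has no members. Membership feeds access decisions elsewhere in this class, so the failure should be surfaced rather than flattened to an empty array, e.g. `if ($result === false) throw new Exception("obj_member lookup failed");` before the loop, assuming query() signals failure with false (its contract is not visible here). The SQL is string-built and depends entirely on `esc()` being correct for the connection's character set; if the db wrapper offers bound parameters, prefer them. The docblock should also say that every row is wrapped in `User`, which the commit message relies on.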
From: Malf Furious
Date: Wed, 8 Jun 2016 23:36:35 -0400
Subject: Add function Object::getOwner()
Added object function to get the owner of an object. This base-class function returns a User object, however a user might not always be the kind of owner (eg: a group can own a pad). In these situations, Object sub-classes should override this function and return the appropriate type of object.
---
 app/class/object.class.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'app/class/object.class.php')
diff --git a/app/class/object.class.php b/app/class/object.class.php
index a64bdfb..8a4b956 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -15,6 +15,7 @@
 */
 require_once "class/framework.class.php";
+require_once "class/user.class.php";
 /*
 * Base class for Scrott database objects
@@ -253,6 +254,17 @@ abstract class Object extends Framework
 return hash("sha256", openssl_random_pseudo_bytes(64));
 }
+ /*
+ * Get a user object for this object's owner
+ */
+ function getOwner()
+ {
+ if (isset($this->owner))
+ return new User($this->owner);
+
+ return null;
+ }
+
 /*
 * Get an array of all members of this object
 */
-- cgit v1.2.3
From 3e05bd0357d1cecc89c865a8b339b114b5b91f67 Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Fri, 10 Jun 2016 00:54:12 -0400
Subject: Add functions to Object class to determine user permissions
Added a variety of functions to the Object base class for testing a user's access level to another object. Also added functions to test whether a given user or group is an owner or member of another object.
---
 app/class/object.class.php | 313 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 313 insertions(+)
(limited to 'app/class/object.class.php')
diff --git a/app/class/object.class.php b/app/class/object.class.php
index 8a4b956..a409fa9 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
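Review bot: getOwner() returns `null` when `$this->owner` is unset, but its docblock promises "a user object", so a caller that dereferences the result without a check will misbehave on ownerless objects. The comment should state both outcomes, e.g. `* Get a User object for this object's owner, or null if no owner is set`. The commit message says sub-classes override this when the owner is a group; that contract belongs in the docblock too, since the base implementation wraps the owner GUID in `User` whatever kind of object it names.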
@@ -280,6 +280,319 @@ abstract class Object extends Framework
 return $members;
 }
+
+ /*
+ * Check if given user (or group) is the owner if this object
+ */
+ function isOwner($ug)
+ {
+ return $this->getOwner()->guid == $ug->guid;
+ }
+
+ /*
+ * Check if given user (or group) is a member of this object
+ */
+ function isMember($ug)
+ {
+ foreach ($this->getMembers() as $member)
+ {
+ if ($member->guid == $ug->guid)
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canAccess($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user))
+ return true;
+
+ if ($this->perms & 0x004) // accessible by public
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canAccessSub($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canAccessSub($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModify($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x100)
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySub($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySub($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModifyMembers($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x080)
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySubMembers($user))
+ return true;
+ }
+ else if
($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySubMembers($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModifyPermissions($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySubPermissions($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySubPermissions($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canAccessSub($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x040)
+ return true;
+
+ if ($this->perms & 0x002) // accessible by public
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canAccessSub($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canAccessSub($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canCreateSub($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x020)
+ return true;
+
+ if ($this->perms & 0x001) // accessible by public
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canCreateSub($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canCreateSub($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModifySub($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x010)
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySub($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySub($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModifySubMembers($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->isMember($user) && $this->perms & 0x008)
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySubMembers($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySubMembers($user))
+ return true;
+ }
+
+ return false;
+ }
+
+ /*
+ * Check if given user has permissions for this object
+ */
+ function canModifySubPermissions($user)
+ {
+ if ($user->admin)
+ return true;
+
+ if ($this->isOwner($user))
+ return true;
+
+ if ($this->parent != "")
+ {
+ $parent = new DBObject($this->parent);
+
+ if ($parent->canModifySubPermissions($user))
+ return true;
+ }
+ else if ($this->owner != $this->guid)
+ {
+ $owner = new DBObject($this->owner);
+
+ if ($owner->canModifySubPermissions($user))
+ return true;
+ }
+
+ return false;
+ }
 }
 /*
-- cgit v1.2.3
From e2328c50f6fd101b4eaee410afb23290965b45b9 Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Fri, 10 Jun 2016 22:45:55 -0400
Subject: Fix typo
---
 app/class/object.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/class/object.class.php')
diff --git a/app/class/object.class.php b/app/class/object.class.php
index a409fa9..cfc452c 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
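Review bot: isOwner() dereferences `$this->getOwner()->guid` although getOwner() returns null for an object with no owner, and both it and isMember() compare GUIDs with loose `==`. A property read on null evaluates to null with only a notice or warning, and `null == $ug->guid` is true for a user object whose guid is empty or unset, so isOwner() would then short-circuit every can*() check in this hunk to true; loose comparison of two digit-only "0e…" hex strings is also numeric rather than textual. Use `$owner = $this->getOwner();` followed by `return $owner !== null && $owner->guid === $ug->guid;`, and `===` in isMember(). Separately, each can*() method walks `parent`/`owner` recursively with no depth limit or visited set, so a cyclic parent or owner reference in the database would recurse until the request dies. The eight identical docblocks ("Check if given user has permissions for this object") should each name the permission and mask they test.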
@@ -282,7 +282,7 @@ abstract class Object extends Framework
 }
 /*
- * Check if given user (or group) is the owner if this object
+ * Check if given user (or group) is the owner of this object
 */
 function isOwner($ug)
 {
-- cgit v1.2.3
From 7fd20cd4e15aec3079377e48f18ba91bbda462eb Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Tue, 13 Sep 2016 23:32:37 -0400
Subject: Move function User::getHeadImage() to Object class
Increase the scope of this function so it may be used by groups.
---
 app/class/object.class.php | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'app/class/object.class.php')
diff --git a/app/class/object.class.php b/app/class/object.class.php
index cfc452c..8f64fc4 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -593,6 +593,14 @@ abstract class Object extends Framework
 return false;
 }
+
+ /*
+ * Get object's head image
+ */
+ function getHeadImage()
+ {
+ return $this->ar() . "/file.php?d=img/heads&f=" . $this->guid;
+ }
 }
 /*
-- cgit v1.2.3
From 3c3cde4afc1e590063ca72b10ffe566d7fd690d2 Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sat, 17 Sep 2016 19:06:41 -0400
Subject: Add function Object::getURL()
---
 app/class/object.class.php | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'app/class/object.class.php')
diff --git a/app/class/object.class.php b/app/class/object.class.php
index 8f64fc4..1a01ada 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -594,6 +594,14 @@ abstract class Object extends Framework
 return false;
 }
+ /*
+ * Get URL to this object
+ */
+ function getURL()
+ {
+ return $this->ar() . "/" . $this->guid;
+ }
+
 /*
 * Get object's head image
 */
-- cgit v1.2.3
From 35da301d31045b0974100307a7f0f4128b482170 Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sun, 18 Sep 2016 11:59:11 -0400
Subject: Move function User::rmHeadImage() to Object class
---
 app/class/object.class.php | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'app/class/object.class.php')
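Review bot: getHeadImage() concatenates `$this->guid` into a query string unencoded and returns a URL containing a raw `&`; getURL() in the next commit builds a path segment from the same value in the same way. The `hash("sha256", …)` line in this file's context suggests GUIDs are hex digests, but how `guid` is populated when an object is loaded is not shown, so encode at the point of construction: `return $this->ar() . "/file.php?d=img/heads&f=" . rawurlencode($this->guid);` and `return $this->ar() . "/" . rawurlencode($this->guid);`. Callers that place either URL in an HTML attribute still need `htmlspecialchars()`. file.php is not part of this diff; since it appears to select a directory and file name from request parameters, it should restrict `d` to a fixed set and reject path separators in `f`.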
diff --git a/app/class/object.class.php b/app/class/object.class.php
index 1a01ada..7c0b7bb 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -609,6 +609,17 @@ abstract class Object extends Framework
 {
 return $this->ar() . "/file.php?d=img/heads&f=" . $this->guid;
 }
+
+ /*
+ * Remove this object's head image
+ */
+ function rmHeadImage()
+ {
+ if (!is_file("assets/img/heads/" . $this->guid))
+ return true;
+
+ return unlink("assets/img/heads/" . $this->guid);
+ }
 }
 /*
-- cgit v1.2.3
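Review bot: rmHeadImage() passes `"assets/img/heads/" . $this->guid` to `is_file()` and `unlink()` without confirming that the GUID is a plain file name, so the deletion target is only as trustworthy as whatever populated `$this->guid`, which is not visible here. Constrain it before touching the filesystem, e.g. `if (!ctype_xdigit((string)$this->guid)) return false;`, assuming GUIDs are always the hex digests seen elsewhere in this file. The path is also relative, so the result depends on the process working directory; anchoring it to a known base directory would remove that dependency. The `is_file()`/`unlink()` pair is not atomic: if the file disappears in between, `unlink()` returns false with a warning even though the desired end state was reached.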