From 9a0b71712bf79c22bb2b4c3f3afb2d34c38214c0 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 1 Jun 2016 21:59:02 -0400 Subject: Add function Group::createNewGroup() This function will initialize a new group object and write it to the database, with a given group name and owner user. --- app/class/group.class.php | 15 +++++++++++++++ app/class/object.class.php | 2 ++ 2 files changed, 17 insertions(+) (limited to 'app/class') diff --git a/app/class/group.class.php b/app/class/group.class.php index dfa7deb..246276a 100644 --- a/app/class/group.class.php +++ b/app/class/group.class.php @@ -29,6 +29,21 @@ class Group extends Object parent::__construct(); $this->loadObj($guid); } + + /* + * Create a new user group object. + * On success, this object should be initialized as the new group (use only on new + * Group() objects) + */ + function createNewGroup($name, $owner) + { + $this->perms = $this->DEFAULT_OBJECT_PERMISSIONS; + $this->owner = $owner->guid; + $this->name = $name; + $this->type = "group"; + + $this->saveObj(); + } } ?> diff --git a/app/class/object.class.php b/app/class/object.class.php index b73a54d..42c9355 100644 --- a/app/class/object.class.php +++ b/app/class/object.class.php @@ -21,6 +21,8 @@ require_once "class/framework.class.php"; */ abstract class Object extends Framework { + var $DEFAULT_OBJECT_PERMISSIONS = 120; + /* * Constructor */ -- cgit v1.2.3 From d70f5ac0ddc976fff9a526996dca8ea6e69d9a16 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 8 Jun 2016 23:23:04 -0400 Subject: Add function Object::getMembers() Added object function to get an array of all its members. These will always be user objects, so this is always a safe function to call. --- app/class/object.class.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'app/class') diff --git a/app/class/object.class.php b/app/class/object.class.php index 42c9355..a64bdfb 100644 --- a/app/class/object.class.php +++ b/app/class/object.class.php 
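Review bot: createNewGroup() returns nothing even though its comment speaks of "on success": the result of `$this->saveObj()` is discarded, so a caller cannot tell whether the group was written. If saveObj() reports failure (its body is not in this hunk), pass that through with `return $this->saveObj();`. `$owner->guid` is also read without checking that `$owner` is a loaded object, so a null or unsaved owner would be stored as the group's owner. A guard such as `if (!$owner || !isset($owner->guid)) return false;` before the assignments would keep ownerless groups out of the table.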
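Review bot: The default `120` is written in decimal, while the permission tests added later in this series mask `perms` with hex literals (`0x100` down to `0x001`), which makes the default hard to audit. 120 is 0x078, that is the member bits 0x040, 0x020, 0x010 and 0x008, so by those later checks every new group lets members access, create and modify sub-objects and edit sub-object membership. Writing it as `var $DEFAULT_OBJECT_PERMISSIONS = 0x078;` with a comment naming those four bits would make the intended default explicit. Because it is a `var` property rather than a class constant, any instance can also overwrite it before createNewGroup() reads it.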
@@ -252,6 +252,22 @@ abstract class Object extends Framework { return hash("sha256", openssl_random_pseudo_bytes(64)); } + + /* + * Get an array of all members of this object + */ + function getMembers() + { + $query = "SELECT member FROM obj_member WHERE guid = '" . $this->db->esc($this->guid) . "'"; + $result = $this->db->query($query); + + $members = array(); + + foreach ($result as $m) + $members[] = new User($m['member']); + + return $members; + } } /* -- cgit v1.2.3 From 3f58919204a6d21111b6ff00ccec1e2a9dfac040 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 8 Jun 2016 23:36:35 -0400 Subject: Add function Object::getOwner() Added object function to get the owner of an object. This base-class function returns a User object, however a user might not always be the kind of owner (eg: a group can own a pad). In these situations, Object sub-classes should override this function and return the appropriate type of object. --- app/class/object.class.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'app/class') diff --git a/app/class/object.class.php b/app/class/object.class.php index a64bdfb..8a4b956 100644 --- a/app/class/object.class.php +++ b/app/class/object.class.php @@ -15,6 +15,7 @@ */ require_once "class/framework.class.php"; +require_once "class/user.class.php"; /* * Base class for Scrott database objects @@ -253,6 +254,17 @@ abstract class Object extends Framework return hash("sha256", openssl_random_pseudo_bytes(64)); } + /* + * Get a user object for this object's owner + */ + function getOwner() + { + if (isset($this->owner)) + return new User($this->owner); + + return null; + } + /* * Get an array of all members of this object */ -- cgit v1.2.3 From 3e05bd0357d1cecc89c865a8b339b114b5b91f67 Mon Sep 17 00:00:00 2001 
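Review bot: getMembers() wraps every `member` value in `new User(...)`, but the query `SELECT member FROM obj_member WHERE guid = ...` does not restrict rows to user objects, so the commit message's "always user objects" is an assumption about the table rather than something this code enforces. If a non-user guid is ever stored as a member it would be loaded as a User; whether User's constructor rejects that is not visible here. Either state the invariant in the comment, e.g. `* Members are assumed to be users; obj_member must never hold a non-user guid`, or join against `object` and filter on `type = 'user'`. The result of `$this->db->query()` is also iterated without a check, so it is worth confirming that a failed query yields an empty array rather than false.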
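Review bot: Adding `require_once "class/user.class.php";` at the top of object.class.php creates a circular include, since user.class.php itself starts with `require_once "class/object.class.php";` (visible as context in the User::getGroups() patch later in this series). If an entry point loads object.class.php first, user.class.php would reach `class User extends Object` before Object has been declared, which would be a fatal error unless an autoloader exists elsewhere. Moving the include below the Object class body, or calling `require_once "class/user.class.php";` inside getOwner() and getMembers(), removes the ordering dependency.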
From: Malf Furious Date: Fri, 10 Jun 2016 00:54:12 -0400 Subject: Add functions to Object class to determine user permissions Added a variety of functions to the Object base class for testing a user's access level to another object. Also added functions to test whether a given user or group is an owner or member of another object. --- app/class/object.class.php | 313 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 313 insertions(+) (limited to 'app/class') diff --git a/app/class/object.class.php b/app/class/object.class.php index 8a4b956..a409fa9 100644 --- a/app/class/object.class.php +++ b/app/class/object.class.php 
@@ -280,6 +280,319 @@ abstract class Object extends Framework return $members; } + + /* + * Check if given user (or group) is the owner if this object + */ + function isOwner($ug) + { + return $this->getOwner()->guid == $ug->guid; + } + + /* + * Check if given user (or group) is a member of this object + */ + function isMember($ug) + { + foreach ($this->getMembers() as $member) + { + if ($member->guid == $ug->guid) + return true; + } + + return false; + } + + /* + * Check if given user has permissions for this object + */ + function canAccess($user) + { + if ($user->admin) + return true; + + if ($this->isOwner($user)) + return true; + + if ($this->isMember($user)) + return true; + + if ($this->perms & 0x004) // accessible by public + return true; + + if ($this->parent != "") + { + $parent = new DBObject($this->parent); + + if ($parent->canAccessSub($user)) + return true; + } + else if ($this->owner != $this->guid) + { + $owner = new DBObject($this->owner); + + if ($owner->canAccessSub($user)) + return true; + } + + return false; + } + + /* + * Check if given user has permissions for this object + */ + function canModify($user) + { + if ($user->admin) + return true; + + if ($this->isOwner($user)) + return true; + + if ($this->isMember($user) && $this->perms & 0x100) + return true; + + if ($this->parent != "") + { + $parent = new DBObject($this->parent); + + if ($parent->canModifySub($user)) + return true; + } + else if ($this->owner != $this->guid) + { + $owner = new DBObject($this->owner); + + if ($owner->canModifySub($user)) + return true; + } + + return false; + } + + /* + * Check if given user has permissions for this object + */ + function canModifyMembers($user) + { + if ($user->admin) + return true; + + if ($this->isOwner($user)) + return true; + + if ($this->isMember($user) && $this->perms & 0x080) + return true; + + if ($this->parent != "") + { + $parent = new DBObject($this->parent); + + if ($parent->canModifySubMembers($user)) + return true; + } + else if 
($this->owner != $this->guid) + { + $owner = new DBObject($this->owner); + + if ($owner->canModifySubMembers($user)) + return true; + } + + return false; + } + + /* + * Check if given user has permissions for this object + */ + function canModifyPermissions($user) + { + if ($user->admin) + return true; + + if ($this->isOwner($user)) + return true; + + if ($this->parent != "") + { + $parent = new DBObject($this->parent); + + if ($parent->canModifySubPermissions($user)) + return true; + } + else if ($this->owner != $this->guid) + { + $owner = new DBObject($this->owner); + + if ($owner->canModifySubPermissions($user)) + return true; + } + + return false; + } + + /* + * Check if given user has permissions for this object + */ + function canAccessSub($user) + { + if ($user->admin) + return true; + + if ($this->isOwner($user)) + return true; + + if ($this->isMember($user) && $this->perms & 0x040) + return true; + + if ($this->perms & 0x002) // accessible by public + return true; + + if ($this->parent != "") + { + $parent = new DBObject($this->parent); + + if ($parent->canAccessSub($user)) + return true; + } + else if ($this->owner != $this->guid) + { + $owner = new DBObject($this->owner); + + if ($owner->canAccessSub($user)) + return true; + } + + return false; + } + + /* + * Check if given user has permissions for this object + */ + function canCreateSub($user) + { + if ($user->admin) + return true; + + if ($this->isOwner($user)) + return true; + + if ($this->isMember($user) && $this->perms & 0x020) + return true; + + if ($this->perms & 0x001) // accessible by public + return true; + + if ($this->parent != "") + { + $parent = new DBObject($this->parent); + + if ($parent->canCreateSub($user)) + return true; + } + else if ($this->owner != $this->guid) + { + $owner = new DBObject($this->owner); + + if ($owner->canCreateSub($user)) + return true; + } + + return false; + } + + /* + * Check if given user has permissions for this object + */ + function canModifySub($user) + { 
+ if ($user->admin) + return true; + + if ($this->isOwner($user)) + return true; + + if ($this->isMember($user) && $this->perms & 0x010) + return true; + + if ($this->parent != "") + { + $parent = new DBObject($this->parent); + + if ($parent->canModifySub($user)) + return true; + } + else if ($this->owner != $this->guid) + { + $owner = new DBObject($this->owner); + + if ($owner->canModifySub($user)) + return true; + } + + return false; + } + + /* + * Check if given user has permissions for this object + */ + function canModifySubMembers($user) + { + if ($user->admin) + return true; + + if ($this->isOwner($user)) + return true; + + if ($this->isMember($user) && $this->perms & 0x008) + return true; + + if ($this->parent != "") + { + $parent = new DBObject($this->parent); + + if ($parent->canModifySubMembers($user)) + return true; + } + else if ($this->owner != $this->guid) + { + $owner = new DBObject($this->owner); + + if ($owner->canModifySubMembers($user)) + return true; + } + + return false; + } + + /* + * Check if given user has permissions for this object + */ + function canModifySubPermissions($user) + { + if ($user->admin) + return true; + + if ($this->isOwner($user)) + return true; + + if ($this->parent != "") + { + $parent = new DBObject($this->parent); + + if ($parent->canModifySubPermissions($user)) + return true; + } + else if ($this->owner != $this->guid) + { + $owner = new DBObject($this->owner); + + if ($owner->canModifySubPermissions($user)) + return true; + } + + return false; + } } /* -- cgit v1.2.3 From e2328c50f6fd101b4eaee410afb23290965b45b9 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 10 Jun 2016 22:45:55 -0400 Subject: Fix typo --- app/class/object.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/class') diff --git a/app/class/object.class.php b/app/class/object.class.php index a409fa9..cfc452c 100644 --- a/app/class/object.class.php +++ b/app/class/object.class.php 
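Review bot: isOwner() dereferences `$this->getOwner()` unconditionally, but getOwner() returns null when `owner` is unset, so the property read evaluates to null and the loose `==` then compares null with `$ug->guid`. For an ownerless object and a user object whose guid is empty or not yet loaded, that comparison is true, and every can*() check below would treat the caller as owner. A null guard with strict comparison closes this, assuming guids are always strings: `$o = $this->getOwner(); return $o !== null && $o->guid === $ug->guid;` (isMember() should use `===` as well). The parent/owner delegation in the can*() functions also recurses with no visited set or depth limit, so a cycle in `parent` or `owner` references would never terminate. All nine can*() comments carry the same sentence; each should name the action and the `perms` bit it tests.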
@@ -282,7 +282,7 @@ abstract class Object extends Framework } /* - * Check if given user (or group) is the owner if this object + * Check if given user (or group) is the owner of this object */ function isOwner($ug) { -- cgit v1.2.3 From 78667b156328dfe500330aa3bf83bf84e3116948 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 11 Jun 2016 01:11:23 -0400 Subject: Add function User::getGroups() This function returns all groups the user either owns or is a member of. This is not necessarily the same as all groups the user has access permission to. The *not-yet-implemented* object explorer feature should be used to browse those. --- app/class/user.class.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'app/class') diff --git a/app/class/user.class.php b/app/class/user.class.php index 1185f45..3239568 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -15,6 +15,7 @@ */ require_once "class/object.class.php"; +require_once "class/group.class.php"; /* * Application users @@ -230,6 +231,30 @@ class User extends Object return unlink("assets/img/heads/" . $this->guid); } + + /* + * Get all groups this user owns or is a member of + */ + function getGroups() + { + /* owner */ + $query = "SELECT guid FROM object WHERE type = 'group' AND owner = '" . $this->db->esc($this->guid) . "'"; + $result = $this->db->query($query); + + $groups = array(); + + foreach ($result as $g) + $groups[] = new Group($g['guid']); + + /* member */ + $query = "SELECT o.guid FROM object o JOIN obj_member om ON o.guid = om.guid WHERE o.type = 'group' AND member = '" . $this->db->esc($this->guid) . "'"; + $result = $this->db->query($query); + + foreach ($result as $g) + $groups[] = new Group($g['guid']); + + return $groups; + } } ?> -- cgit v1.2.3 From 63e56817123810e93a3d5cd0e13a70b8c47cacc5 Mon Sep 17 00:00:00 2001 
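Review bot: A user who is both owner and member of the same group is returned twice by getGroups(), because the owner and member result sets are appended to `$groups` without de-duplication. Keying the array by guid fixes that: use `$groups[$g['guid']] = new Group($g['guid']);` in both loops and `return array_values($groups);`. In the second query `member` is the only unqualified column; writing `om.member` guards against ambiguity if `object` ever gains a column of that name. Both statements are built by concatenation and depend entirely on `$this->db->esc()`, so bound parameters would be the sturdier form if the database wrapper supports them.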
From: Malf Furious Date: Tue, 13 Sep 2016 20:34:15 -0400 Subject: Changes to the handling of indirect variables, properties, and methods To maintain forward compatability with newer versions of PHP (and since my dev environment is now running PHP 7), this patch is made to address the following breaking change from PHP 5: PHP 7 now uses an abstract syntax tree when parsing source files. This has permitted many improvements to the language which were previously impossible due to limitations in the parser used in earlier versions of PHP, but has resulted in the removal of a few special cases for consistency reasons, which has resulted in backward compatibility breaks. Indirect access to variables, properties, and methods will now be evaluated strictly in left-to-right order, as opposed to the previous mix of special cases. --- app/class/form.class.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'app/class') diff --git a/app/class/form.class.php b/app/class/form.class.php index f0d660a..8bb6506 100644 --- a/app/class/form.class.php +++ b/app/class/form.class.php @@ -123,10 +123,10 @@ class Form foreach ($this->textFields as $fld) { if (isset($input[$fld['name']]) && $input[$fld['name']] != "") - $this->$fld['name'] = htmlEntities($input[$fld['name']], ENT_QUOTES); + $this->{$fld['name']} = htmlEntities($input[$fld['name']], ENT_QUOTES); else if (!is_null($fld['deflt'])) - $this->$fld['name'] = $fld['deflt']; + $this->{$fld['name']} = $fld['deflt']; else if ($fld['req']) $this->logError($fld['name'] . " is required"); @@ -161,11 +161,11 @@ class Form continue; } - $this->$fld['name'] = $input[$fld['name']]; + $this->{$fld['name']} = $input[$fld['name']]; } else if (!is_null($fld['deflt'])) - $this->$fld['name'] = $fld['deflt']; + $this->{$fld['name']} = $fld['deflt']; else if ($fld['req']) $this->logError($fld['name'] . " is required"); 
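Review bot: Field names become property names on the Form object itself through `$this->{$fld['name']}`, here and in the two later hunks (`@@ -161,11` and `@@ -182,11`), so a field whose name matches one of Form's own members (for example `textFields`) would overwrite internal state. The names appear to come from the form definition rather than from the request, but nothing in the visible lines checks for a collision. A comment at the assignment such as `/* field names must not shadow Form's own properties */`, or a check when the field is registered, would make the constraint explicit. Text fields are entity-encoded on assignment while the other two field kinds store `$input[...]` unchanged after a validation step outside these hunks, so consumers cannot assume every form property is HTML-safe. The enclosing function begins and ends outside the hunks.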
@@ -182,11 +182,11 @@ class Form continue; } - $this->$fld['name'] = $input[$fld['name']]; + $this->{$fld['name']} = $input[$fld['name']]; } else if (!is_null($fld['deflt'])) - $this->$fld['name'] = $fld['deflt']; + $this->{$fld['name']} = $fld['deflt']; else if ($fld['req']) $this->logError($fld['name'] . " is required"); -- cgit v1.2.3 From 7fd20cd4e15aec3079377e48f18ba91bbda462eb Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 13 Sep 2016 23:32:37 -0400 Subject: Move function User::getHeadImage() to Object class Increase the scope of this function so it may be used by groups. --- app/class/object.class.php | 8 ++++++++ app/class/user.class.php | 8 -------- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'app/class') diff --git a/app/class/object.class.php b/app/class/object.class.php index cfc452c..8f64fc4 100644 --- a/app/class/object.class.php +++ b/app/class/object.class.php @@ -593,6 +593,14 @@ abstract class Object extends Framework return false; } + + /* + * Get object's head image + */ + function getHeadImage() + { + return $this->ar() . "/file.php?d=img/heads&f=" . $this->guid; + } } /* diff --git a/app/class/user.class.php b/app/class/user.class.php index 3239568..44b4b5f 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -213,14 +213,6 @@ class User extends Object return "glyphicon glyphicon-user"; } - /* - * Get this user's head image - */ - function getHeadImage() - { - return $this->ar() . "/file.php?d=img/heads&f=" . $this->guid; - } - /* * Remove this user's head image */ -- cgit v1.2.3 From 3c3cde4afc1e590063ca72b10ffe566d7fd690d2 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 17 Sep 2016 19:06:41 -0400 Subject: Add function Object::getURL() --- app/class/object.class.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'app/class') diff --git a/app/class/object.class.php b/app/class/object.class.php index 8f64fc4..1a01ada 100644 --- a/app/class/object.class.php 
+++ b/app/class/object.class.php @@ -594,6 +594,14 @@ abstract class Object extends Framework return false; } + /* + * Get URL to this object + */ + function getURL() + { + return $this->ar() . "/" . $this->guid; + } + /* * Get object's head image */ -- cgit v1.2.3 From 35da301d31045b0974100307a7f0f4128b482170 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 18 Sep 2016 11:59:11 -0400 Subject: Move function User::rmHeadImage() to Object class --- app/class/object.class.php | 11 +++++++++++ app/class/user.class.php | 11 ----------- 2 files changed, 11 insertions(+), 11 deletions(-) (limited to 'app/class') diff --git a/app/class/object.class.php b/app/class/object.class.php index 1a01ada..7c0b7bb 100644 --- a/app/class/object.class.php +++ b/app/class/object.class.php @@ -609,6 +609,17 @@ abstract class Object extends Framework { return $this->ar() . "/file.php?d=img/heads&f=" . $this->guid; } + + /* + * Remove this object's head image + */ + function rmHeadImage() + { + if (!is_file("assets/img/heads/" . $this->guid)) + return true; + + return unlink("assets/img/heads/" . $this->guid); + } } /* diff --git a/app/class/user.class.php b/app/class/user.class.php index 44b4b5f..b8143a9 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -213,17 +213,6 @@ class User extends Object return "glyphicon glyphicon-user"; } - /* - * Remove this user's head image - */ - function rmHeadImage() - { - if (!is_file("assets/img/heads/" . $this->guid)) - return true; - - return unlink("assets/img/heads/" . $this->guid); - } - /* * Get all groups this user owns or is a member of */ -- cgit v1.2.3
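Review bot: rmHeadImage() builds a filesystem path from `$this->guid` and passes it to unlink(), and after this move it is reachable from every Object subclass rather than only User. The guid format is not checked in the visible lines; if guids are always hex digests like the one produced by the sha256 call shown as context in the getMembers() patch, a guard such as `if (!ctype_xdigit((string) $this->guid)) return false;` before the is_file() test keeps a malformed guid from resolving outside `assets/img/heads/`. The path is also relative, so the result depends on the process's working directory; anchoring it to a fixed base directory would make the deletion deterministic.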