| 1 | <?php |
| 2 | |
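class permissions {

    /**
     * Resolve the session user's read/write rights on a node.
     *
     * The node and the ancestors listed in its node_vector are loaded in one
     * query, ordered by vector length descending. The first row seeds the
     * result from node_system_access; later rows are consulted only while
     * they stay on the same side of the private / non-private boundary.
     * The first explicit node_access entry (ban, silence, op, master, access)
     * or creator match ends the walk.
     *
     * The result starts as deny-all and is returned unchanged when the node
     * id is not numeric or no row is found.
     *
     * NOTE(review): the walk assumes the checked node has the longest
     * node_vector of all returned rows, so it comes first - confirm against
     * the schema.
     *
     * @param mixed $node Numeric node_id, or an array with 'node_id' and
     *                    optionally 'node_vector'.
     * @return array Keys 'r' and 'w' (0 or 1), 'node_permission',
     *               'node_system_access', 'node_external_access'.
     */
    public static function checkPerms($node) {
        global $db;

        // Deny by default: every early return below hands back this value.
        $perms = array(
            'r' => 0,
            'w' => 0,
            'node_permission' => '',
            'node_system_access' => '',
            'node_external_access' => '',
        );

        $node_id = null;
        $node_vector = '';
        if (is_array($node)) {
            $node_id = isset($node['node_id']) ? $node['node_id'] : null;
            $node_vector = isset($node['node_vector']) ? $node['node_vector'] : '';
        } elseif (is_numeric($node)) {
            $node_id = $node;
        }

        // Validate BEFORE the first query. The id used to be interpolated into
        // SQL ahead of this check, so a non-numeric 'node_id' reached the
        // database as raw text. Only query() is visible on $db here, so the
        // value is forced to an integer rather than bound as a parameter.
        if (!is_numeric($node_id)) {
            return $perms;
        }
        $node_id = (int) $node_id;
        $node_vector = is_scalar($node_vector) ? (string) $node_vector : '';

        if (empty($node_vector)) {
            $set = $db->query(sprintf("select node_vector from nodes where node_id='%d'", $node_id));
            // Unknown node: keep an empty vector instead of reading a missing row.
            $node_vector = $set->next() ? (string) $set->getString('node_vector') : '';
        }

        // Anonymous visitors get id 0 and are never matched against
        // node_creator. The old loose comparison of '' with an empty or NULL
        // creator column could hand them owner rights.
        $is_anonymous = empty($_SESSION['user_id']);
        $user_id = $is_anonymous ? 0 : (int) $_SESSION['user_id'];

        // node_vector is a run of fixed-width ids (VECTOR_CHARS characters each).
        // Building the list as an array keeps the IN() clause valid when the
        // vector is empty.
        $chain_ids = $node_vector === ''
            ? array()
            : array_map('intval', str_split($node_vector, VECTOR_CHARS));
        $chain_ids[] = $node_id;
        $node_list = implode(', ', $chain_ids);

        $q_np = sprintf('select n.node_id, n.node_creator, length(n.node_vector) as nv_length
            , n.node_system_access, n.node_external_access, na.node_permission
            from nodes n
            left join node_access na on na.node_id = n.node_id
            and na.user_id = %d
            where n.node_id in(%s)
            order by nv_length desc', $user_id, $node_list);

        $qr_np = $db->query($q_np);

        // array(read, write) for each known value; unknown values change nothing.
        $rw_by_system_access = array(
            'public' => array(1, 1),
            'moderated' => array(1, 0),
            'private' => array(0, 0),
        );
        $rw_by_permission = array(
            'ban' => array(0, 0),
            'silence' => array(1, 0),
            'op' => array(1, 1),
            'master' => array(1, 1),
            'access' => array(1, 1),
        );

        // System access of the previously visited row; set at the end of every
        // iteration, so it is always defined when the else-branch reads it.
        $prev_system_access = null;

        while ($qr_np->next()) {
            $row_system_access = $qr_np->getString('node_system_access');
            $row_permission = $qr_np->getString('node_permission');
            $is_owner = $user_id !== 0 && (int) $qr_np->getInt('node_creator') === $user_id;

            // Loose comparison on purpose: the columns may come back NULL.
            if ($perms['node_permission'] == '' && $perms['node_system_access'] == '') {
                // Seed the result from the main (selected) node.
                $perms['node_permission'] = $row_permission;
                $perms['node_system_access'] = $row_system_access;
                $perms['node_external_access'] = $qr_np->getString('node_external_access');

                // Baseline r/w from the node's system access.
                if (is_string($row_system_access) && isset($rw_by_system_access[$row_system_access])) {
                    list($perms['r'], $perms['w']) = $rw_by_system_access[$row_system_access];
                }

                if ($is_owner) {
                    $perms['node_permission'] = 'owner';
                    $perms['r'] = 1;
                    $perms['w'] = 1;
                    break;
                }

                // Not logged in: read-only, and only for non-private nodes that
                // are opened to external access.
                if ($row_system_access != 'private'
                    && $is_anonymous
                    && $perms['node_external_access'] == 'yes') {
                    $perms['r'] = 1;
                    $perms['w'] = 0;
                    break;
                }
            } else {
                // In a public or moderated forum whose further ancestors are private: stop.
                if ($prev_system_access != 'private' && $row_system_access == 'private') {
                    break;
                }
                // In a private forum whose further ancestors are public or moderated: stop.
                if ($prev_system_access == 'private' && $row_system_access != 'private') {
                    break;
                }
            }

            $prev_system_access = $row_system_access;

            // An explicit node_access entry settles r/w and ends the walk.
            if (is_string($row_permission) && isset($rw_by_permission[$row_permission])) {
                list($perms['r'], $perms['w']) = $rw_by_permission[$row_permission];
                break;
            }

            if ($is_owner) {
                $perms['node_permission'] = 'owner';
                $perms['r'] = 1;
                $perms['w'] = 1;
                break;
            }
        }

        return $perms;
    }

}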
| 141 | |
| 142 | ?> |