PHP Classes

File: vendor/jackbooted/security/Privileges.php

Recommend this page to a friend!
  Classes of Brett Dutton   JackBooted PHP Framework   vendor/jackbooted/security/Privileges.php   Download  
File: vendor/jackbooted/security/Privileges.php
Role: Class source
Content type: text/plain
Description: Class source
Class: JackBooted PHP Framework
Web application framework using simplified MVC
Author: By
Last change:
Date: 8 years ago
Size: 4,121 bytes
 

Contents

Class file image Download
<?php
namespace Jackbooted\Security;

use \
Jackbooted\Admin\Admin;
use \
Jackbooted\Config\Cfg;
use \
Jackbooted\DB\DB;
use \
Jackbooted\DB\DBTable;
use \
Jackbooted\Forms\Request;
use \
Jackbooted\G;
use \
Jackbooted\Html\WebPage;
use \
Jackbooted\Util\Log4PHP;
/**
 * @copyright Confidential and copyright (c) 2016 Jackbooted Software. All rights reserved.
 *
 * Written by Brett Dutton of Jackbooted Software
 * brett at brettdutton dot com
 *
 * This software is written and distributed under the GNU General Public
 * License which means that its source code is freely-distributed and
 * available to the general public.
 */

class Privileges extends \Jackbooted\Util\JB {

    private static
$cache = [];
    private static
$log;
    private static
$securityLevels = null;

    public static function
init ( ) {
       
self::$log = new Log4PHP ( __CLASS__ );
    }

    public static function
access ( $action=null ) {
        if ( !
Cfg::get ( 'check_priviliages' ) ) return true;

        if (
$action == null ) $action = Request::get ( WebPage::ACTION );
        if ( isset (
self::$cache[$action] ) ) return self::$cache[$action];

        if ( (
$priviliagesIDs = self::getPriviliageIDs ( $action ) ) === false ) {
           
self::$log->warn ( 'No priviliages found for action: ' . $action );
            return
self::$cache[$action] = true;
        }

       
$uid = G::get ( 'fldUserID', '0' );
       
$groupIDs = self::getGroupIDs ( $uid );
       
$params = [];
       
$privIdIn = DB::in ( $priviliagesIDs, $params );
       
$params[] = $uid;
       
$params[] = (int)G::get ( 'fldLevel', 7 );
       
$groupIn = DB::in ( $groupIDs, $params );

       
$now = time();

       
$sql = <<<SQL
SELECT count(*) FROM tblSecPrivUserMap
            WHERE fldPrivilegeID IN (
$privIdIn )
            AND ( fldStartDate=0 OR fldStartDate <
$now )
            AND ( fldEndDate=0 OR fldEndDate >
$now )
            AND ( ( fldUserID IS NOT NULL AND fldUserID<>'' AND fldUserID=? ) OR
                    ( fldLevelID IS NOT NULL AND fldLevelID<>'' AND fldLevelID>=? ) OR
                      fldGroupID IN (
$groupIn ) )
SQL;

        if (
DB::oneValue ( DB::DEF, $sql, $params ) > 0 ) {
            return
self::$cache[$action] = true;
        }

        return
self::canLogin ( $priviliagesIDs );
    }

    private static function
canLogin ( $priviliagesIDs ) {
       
$privIdIn = DB::in ( $priviliagesIDs );
       
$now = time();

       
$sql = <<<SQL
SELECT fldLoginAction FROM tblSecPrivUserMap
            WHERE fldPrivilegeID IN (
$privIdIn )
            AND ( fldStartDate=0 OR fldStartDate <
$now )
            AND ( fldEndDate=0 OR fldEndDate >
$now )
            AND fldLevelID IS NOT NULL
            AND fldLevelID <> ''
            AND fldLoginAction IS NOT NULL
            AND fldLoginAction <> ''
SQL;

        return
DB::oneValue ( DB::DEF, $sql, $priviliagesIDs );
    }

    private static function
getGroupIDs ( $uid ) {
       
$qry = 'SELECT fldGroupID FROM tblUserGroupMap WHERE fldUserID=?';
       
$groups = DBTable::factory ( DB::DEF, $qry, $uid, DB::FETCH_NUM )->getColumn ( 0 );
       
$groups[] = DB::oneValue ( DB::DEF, 'SELECT fldGroupID FROM tblGroup LIMIT 1' );
        return
$groups;
    }

    private static function
getPriviliageIDs ( $action ) {
       
$sql = 'SELECT fldSecPrivilegesID FROM tblSecPrivileges WHERE ? LIKE fldAction';
       
$tab = new DBTable ( DB::DEF, $sql, $action, DB::FETCH_NUM );
        if (
$tab->isEmpty () ) return false;
        return
$tab->getColumn ( 0 );
    }

    public static function
getSecurityLevel ( $level ) {
        if (
self::$securityLevels == null ) {
           
$tab = new DBTable ( DB::DEF, Admin::LEVEL_SQL, null, DB::FETCH_NUM );
           
$valCol = $tab->getColumn ( 0 );
           
$namCol = $tab->getColumn ( 1 );
           
self::$securityLevels = array_merge ( array_combine ( $valCol, $namCol ),
                                                 
array_combine ( $namCol, $valCol ) );
        }
        return
self::$securityLevels[$level];
    }
}