<?php
// Direct-access guard: stop unless the SYSPATH constant is already defined
// (presumably by the application's entry script; confirm against the bootstrap).
if (!defined('SYSPATH')) {
	die('No direct access to this file is allowed.');
}
/**
 * ACL and security.
 *
 * @package Noostr
 * @subpackage Classes
 */

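class ACL {
	private $allrights = array();	// all available rights (rows: name, uid)
	private $allroles = array();	// all available roles (rows: name, uid, level, default), ordered by level
	private $data = array();	// current user's rights: right name => true
	private $index = array();	// role/right grant pairs (rows: roleid, rightid)
	private $matrix = array();	// [role uid][right uid] => bool, one row per role
	public $admin;			// admin RoleID
	public $anon;			// anonymous RoleID
	public $default;		// default RoleID

	/**
	 * Loads roles, rights and grants from the database, builds the role/right
	 * matrix and loads the rights of the current global $user.
	 *
	 * Reads the globals $db and $user. A $user without a role is given the
	 * anonymous (level 1) role; this writes to $user->roleid.
	 */
	public function __construct() {
		global $db, $user;
		$this->allrights = $db->query('select name, uid from '.PREFIX.'rights');
		$this->allroles = $db->query('select name, uid, level, `default` from '.PREFIX.'roles order by level');
		$this->index = $db->query('select roleid, rightid from '.PREFIX.'roles_rights');

		// Index the grants once, keyed by the identifiers themselves. Array keys
		// match on exact value, so two different identifiers that PHP's loose
		// "==" would treat as the same number (e.g. '1e1' and '10') can no
		// longer be confused and yield an unintended grant.
		$granted = array();
		for ($k = 0, $e = count($this->index); $k < $e; $k++) {
			$granted[$this->index[$k]['roleid']][$this->index[$k]['rightid']] = true;
		}

		for ($i = 0, $c = count($this->allroles); $i < $c; $i++) {
			$role = $this->allroles[$i];
			$x = $role['uid'];
			// NOTE(review): this selects the role with the largest uid, not the
			// one with the highest level. Confirm that this is the intended
			// definition of the admin role.
			if ($x > $this->admin) {
				$this->admin = $x;
			}
			if ($role['default']) {
				$this->default = $x;
			}
			// The "anonymous" role is always level 1
			if ($role['level'] == 1) {
				$this->anon = $x;
			}
			// Every role gets a complete row, including when the grant table is
			// empty, so getAllRights() can tell a role without rights from an
			// unknown role.
			for ($j = 0, $d = count($this->allrights); $j < $d; $j++) {
				$y = $this->allrights[$j]['uid'];
				$this->matrix[$x][$y] = isset($granted[$x][$y]);
			}
		}

		// A user without a role falls back to the anonymous role. If no level-1
		// role exists, the role id is left as it was.
		if ($user->roleid == null && $this->anon !== null) {
			$user->roleid = $this->anon;
		}
		$this->load($db->query('select r.name from '.PREFIX.'rights r, '.PREFIX.'roles_rights o where o.roleid = ? and o.rightid = r.uid', $user->roleid));
	}

	/**
	 * Stores a value under a right name for the current user.
	 *
	 * NOTE(review): this setter is public and unrestricted, so any code holding
	 * the ACL instance can mark a right as granted. Consider limiting writes to
	 * load() if nothing outside this class relies on it.
	 *
	 * @param string $name Right name
	 * @param mixed $value Value to store
	 */
	public function __set($name, $value = '') {
		$this->data[$name] = $value;
	}

	/**
	 * Returns the stored value for a right name, or FALSE when the right has not
	 * been loaded. Unknown rights therefore read as "not granted".
	 *
	 * @param string $name Right name
	 * @return mixed
	 */
	public function __get($name) {
		if (is_array($this->data) && array_key_exists($name, $this->data)) {
			return $this->data[$name];
		}
		return false;
	}

	/**
	 * Marks every right in the given result set as granted to the current user.
	 *
	 * @param array $rights Rows that each carry a 'name' key
	 */
	public function load($rights) {
		for ($i = 0, $c = count($rights); $i < $c; $i++) {
			$this->data[$rights[$i]['name']] = true;
		}
	}

	/**
	 * Compares the levels of the two input roles. The user's role must have at
	 * least the same level as the page's role in order to return TRUE.
	 *
	 * NOTE(review): both levels start at 0, so a page role that matches no known
	 * role is visible to every user, and an unknown user role only passes when
	 * the page level is 0 as well. This fail-open default is kept as the author
	 * wrote it; confirm it is acceptable for pages whose role was deleted.
	 *
	 * @param string $pagerole RoleID of the page
	 * @param string $userrole RoleID of the user
	 * @return bool
	 */
	public function canSee($pagerole, $userrole) {
		if ($pagerole == null) {
			//All non-DB internal pages require level 1 (anonymous)
			$pagerole = $this->anon;
		}
		// Err on the side of allowance.
		$pagelevel = 0;
		$userlevel = 0;
		// Role identifiers are compared as strings, so PHP's loose numeric
		// comparison cannot make two different identifiers look equal.
		$pagekey = (string) $pagerole;
		$userkey = (string) $userrole;
		// $userrole must have at least same level as $pagerole.
		for ($i = 0, $c = count($this->allroles); $i < $c; $i++) {
			$uid = (string) $this->allroles[$i]['uid'];
			if ($uid === $pagekey) {
				$pagelevel = $this->allroles[$i]['level'];
			}
			if ($uid === $userkey) {
				$userlevel = $this->allroles[$i]['level'];
			}
		}
		return $userlevel >= $pagelevel;
	}

	/**
	 * Retrieves all the rights for a given Role ID.
	 *
	 * @param string $roleid ID of the role you want the rights-list for
	 * @return array Empty array if the $roleid has no row in the matrix; otherwise
	 *               a one-element list holding that role's map of right uid => bool
	 */
	public function getAllRights($roleid) {
		$return = array();
		if (isset($this->matrix[$roleid])) {
			$return[] = $this->matrix[$roleid];
		}
		return $return;
	}

	/**
	 * Returns every role row loaded by the constructor, ordered by level.
	 *
	 * @return array
	 */
	public function getAllRoles() {
		return $this->allroles;
	}
}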