Total Complexity | 92 |
Total Lines | 716 |
Duplicated Lines | 0 % |
Changes | 0 |
Complex classes like Permission often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Permission, and based on these observations, apply Extract Interface, too.
1 | <?php |
||
24 | class Permission extends DataObject implements TemplateGlobalProvider, Resettable, i18nEntityProvider |
||
25 | { |
||
26 | |||
27 | // the (1) after Type specifies the DB default value which is needed for |
||
28 | // upgrades from older SilverStripe versions |
||
29 | private static $db = array( |
||
|
|||
30 | "Code" => "Varchar(255)", |
||
31 | "Arg" => "Int", |
||
32 | "Type" => "Int(1)" |
||
33 | ); |
||
34 | |||
35 | private static $has_one = array( |
||
36 | "Group" => Group::class, |
||
37 | ); |
||
38 | |||
39 | private static $indexes = array( |
||
40 | "Code" => true |
||
41 | ); |
||
42 | |||
43 | private static $defaults = array( |
||
44 | "Type" => 1 |
||
45 | ); |
||
46 | |||
47 | private static $table_name = "Permission"; |
||
48 | |||
49 | /** |
||
50 | * This is the value to use for the "Type" field if a permission should be |
||
51 | * granted. |
||
52 | */ |
||
53 | const GRANT_PERMISSION = 1; |
||
54 | |||
55 | /** |
||
56 | * This is the value to use for the "Type" field if a permission should be |
||
57 | * denied. |
||
58 | */ |
||
59 | const DENY_PERMISSION = -1; |
||
60 | |||
61 | /** |
||
62 | * This is the value to use for the "Type" field if a permission should be |
||
63 | * inherited. |
||
64 | */ |
||
65 | const INHERIT_PERMISSION = 0; |
||
66 | |||
67 | |||
68 | /** |
||
69 | * Method to globally disable "strict" checking, which means a permission |
||
70 | * will be granted if the key does not exist at all. |
||
71 | * |
||
72 | * @deprecated 4.4.0 |
||
73 | * @var array |
||
74 | */ |
||
75 | private static $declared_permissions = null; |
||
76 | |||
77 | /** |
||
78 | * Linear list of declared permissions in the system. |
||
79 | * |
||
80 | * @deprecated 4.4.0 |
||
81 | * @var array |
||
82 | */ |
||
83 | private static $declared_permissions_list = null; |
||
84 | |||
85 | /** |
||
86 | * @config |
||
87 | * @var $strict_checking Boolean Method to globally disable "strict" checking, |
||
88 | * which means a permission will be granted if the key does not exist at all. |
||
89 | */ |
||
90 | private static $strict_checking = true; |
||
91 | |||
92 | /** |
||
93 | * Set to false to prevent the 'ADMIN' permission from implying all |
||
94 | * permissions in the system |
||
95 | * |
||
96 | * @config |
||
97 | * @var bool |
||
98 | */ |
||
99 | private static $admin_implies_all = true; |
||
100 | |||
101 | /** |
||
102 | * a list of permission codes which doesn't appear in the Permission list |
||
103 | * when make the {@link PermissionCheckboxSetField} |
||
104 | * @config |
||
105 | * @var array; |
||
106 | */ |
||
107 | private static $hidden_permissions = array(); |
||
108 | |||
109 | /** |
||
110 | * @config These permissions can only be applied by ADMIN users, to prevent |
||
111 | * privilege escalation on group assignments and inheritance. |
||
112 | * @var array |
||
113 | */ |
||
114 | private static $privileged_permissions = array( |
||
115 | 'ADMIN', |
||
116 | 'APPLY_ROLES', |
||
117 | 'EDIT_PERMISSIONS' |
||
118 | ); |
||
119 | |||
120 | /** |
||
121 | * Check that the current member has the given permission. |
||
122 | * |
||
123 | * @param string|array $code Code of the permission to check (case-sensitive) |
||
124 | * @param string $arg Optional argument (e.g. a permissions for a specific page) |
||
125 | * @param int|Member $member Optional member instance or ID. If set to NULL, the permssion |
||
126 | * will be checked for the current user |
||
127 | * @param bool $strict Use "strict" checking (which means a permission |
||
128 | * will be granted if the key does not exist at all)? |
||
129 | * @return int|bool The ID of the permission record if the permission |
||
130 | * exists; FALSE otherwise. If "strict" checking is |
||
131 | * disabled, TRUE will be returned if the permission does not exist at all. |
||
132 | */ |
||
133 | public static function check($code, $arg = "any", $member = null, $strict = true) |
||
134 | { |
||
135 | if (!$member) { |
||
136 | if (!Security::getCurrentUser()) { |
||
137 | return false; |
||
138 | } |
||
139 | $member = Security::getCurrentUser(); |
||
140 | } |
||
141 | |||
142 | return self::checkMember($member, $code, $arg, $strict); |
||
143 | } |
||
144 | |||
145 | /** |
||
146 | * Permissions cache. The format is a map, where the keys are member IDs, and the values are |
||
147 | * arrays of permission codes. |
||
148 | */ |
||
149 | private static $cache_permissions = array(); |
||
150 | |||
151 | /** |
||
152 | * Flush the permission cache, for example if you have edited group membership or a permission record. |
||
153 | * @todo Call this whenever Group_Members is added to or removed from |
||
154 | */ |
||
155 | public static function reset() |
||
158 | } |
||
159 | |||
160 | /** |
||
161 | * Check that the given member has the given permission. |
||
162 | * |
||
163 | * @param int|Member memberID The ID of the member to check. Leave blank for the current member. |
||
164 | * Alternatively you can use a member object. |
||
165 | * @param string|array $code Code of the permission to check (case-sensitive) |
||
166 | * @param string $arg Optional argument (e.g. a permissions for a specific page) |
||
167 | * @param bool $strict Use "strict" checking (which means a permission |
||
168 | * will be granted if the key does not exist at all)? |
||
169 | * @return int|bool The ID of the permission record if the permission |
||
170 | * exists; FALSE otherwise. If "strict" checking is |
||
171 | * disabled, TRUE will be returned if the permission does not exist at all. |
||
172 | */ |
||
173 | public static function checkMember($member, $code, $arg = "any", $strict = true) |
||
174 | { |
||
175 | if (!$member) { |
||
176 | $member = Security::getCurrentUser(); |
||
177 | } |
||
178 | $memberID = ($member instanceof Member) ? $member->ID : $member; |
||
179 | |||
180 | if (!$memberID) { |
||
181 | return false; |
||
182 | } |
||
183 | |||
184 | // Turn the code into an array as we may need to add other permsissions to the set we check |
||
185 | if (!is_array($code)) { |
||
186 | $code = array($code); |
||
187 | } |
||
188 | |||
189 | // Check if admin should be treated as holding all permissions |
||
190 | $adminImpliesAll = (bool)static::config()->admin_implies_all; |
||
191 | |||
192 | if ($arg == 'any') { |
||
193 | // Cache the permissions in memory |
||
194 | if (!isset(self::$cache_permissions[$memberID])) { |
||
195 | self::$cache_permissions[$memberID] = self::permissions_for_member($memberID); |
||
196 | } |
||
197 | foreach ($code as $permCode) { |
||
198 | if ($permCode === 'CMS_ACCESS') { |
||
199 | foreach (self::$cache_permissions[$memberID] as $perm) { |
||
200 | //if they have admin rights OR they have an explicit access to the CMS then give permission |
||
201 | if (($adminImpliesAll && $perm == 'ADMIN') || substr($perm, 0, 11) === 'CMS_ACCESS_') { |
||
202 | return true; |
||
203 | } |
||
204 | } |
||
205 | } elseif (substr($permCode, 0, 11) === 'CMS_ACCESS_' && !in_array('CMS_ACCESS_LeftAndMain', $code)) { |
||
206 | //cms_access_leftandmain means access to all CMS areas |
||
207 | $code[] = 'CMS_ACCESS_LeftAndMain'; |
||
208 | } |
||
209 | } |
||
210 | |||
211 | // if ADMIN has all privileges, then we need to push that code in |
||
212 | if ($adminImpliesAll) { |
||
213 | $code[] = "ADMIN"; |
||
214 | } |
||
215 | |||
216 | // Multiple $code values - return true if at least one matches, ie, intersection exists |
||
217 | return (bool)array_intersect($code, self::$cache_permissions[$memberID]); |
||
218 | } |
||
219 | |||
220 | // Code filters |
||
221 | $codeParams = is_array($code) ? $code : array($code); |
||
222 | $codeClause = DB::placeholders($codeParams); |
||
223 | $adminParams = $adminImpliesAll ? array('ADMIN') : array(); |
||
224 | $adminClause = $adminImpliesAll ? ", ?" : ''; |
||
225 | |||
226 | // The following code should only be used if you're not using the "any" arg. This is kind |
||
227 | // of obselete functionality and could possibly be deprecated. |
||
228 | $groupParams = self::groupList($memberID); |
||
229 | if (empty($groupParams)) { |
||
230 | return false; |
||
231 | } |
||
232 | $groupClause = DB::placeholders($groupParams); |
||
233 | |||
234 | // Arg component |
||
235 | $argClause = ""; |
||
236 | $argParams = array(); |
||
237 | switch ($arg) { |
||
238 | case "any": |
||
239 | break; |
||
240 | case "all": |
||
241 | $argClause = " AND \"Arg\" = ?"; |
||
242 | $argParams = array(-1); |
||
243 | break; |
||
244 | default: |
||
245 | if (is_numeric($arg)) { |
||
246 | $argClause = "AND \"Arg\" IN (?, ?) "; |
||
247 | $argParams = array(-1, $arg); |
||
248 | } else { |
||
249 | user_error("Permission::checkMember: bad arg '$arg'", E_USER_ERROR); |
||
250 | } |
||
251 | } |
||
252 | |||
253 | // Raw SQL for efficiency |
||
254 | $permission = DB::prepared_query( |
||
255 | "SELECT \"ID\" |
||
256 | FROM \"Permission\" |
||
257 | WHERE ( |
||
258 | \"Code\" IN ($codeClause $adminClause) |
||
259 | AND \"Type\" = ? |
||
260 | AND \"GroupID\" IN ($groupClause) |
||
261 | $argClause |
||
262 | )", |
||
263 | array_merge( |
||
264 | $codeParams, |
||
265 | $adminParams, |
||
266 | array(self::GRANT_PERMISSION), |
||
267 | $groupParams, |
||
268 | $argParams |
||
269 | ) |
||
270 | )->value(); |
||
271 | |||
272 | if ($permission) { |
||
273 | return $permission; |
||
274 | } |
||
275 | |||
276 | // Strict checking disabled? |
||
277 | if (!static::config()->strict_checking || !$strict) { |
||
278 | $hasPermission = DB::prepared_query( |
||
279 | "SELECT COUNT(*) |
||
280 | FROM \"Permission\" |
||
281 | WHERE ( |
||
282 | \"Code\" IN ($codeClause) AND |
||
283 | \"Type\" = ? |
||
284 | )", |
||
285 | array_merge($codeParams, array(self::GRANT_PERMISSION)) |
||
286 | )->value(); |
||
287 | |||
288 | if (!$hasPermission) { |
||
289 | return false; |
||
290 | } |
||
291 | } |
||
292 | |||
293 | return false; |
||
294 | } |
||
295 | |||
296 | /** |
||
297 | * Get all the 'any' permission codes available to the given member. |
||
298 | * |
||
299 | * @param int $memberID |
||
300 | * @return array |
||
301 | */ |
||
302 | public static function permissions_for_member($memberID) |
||
303 | { |
||
304 | $groupList = self::groupList($memberID); |
||
305 | |||
306 | if ($groupList) { |
||
307 | $groupCSV = implode(", ", $groupList); |
||
308 | |||
309 | $allowed = array_unique(DB::query(" |
||
310 | SELECT \"Code\" |
||
311 | FROM \"Permission\" |
||
312 | WHERE \"Type\" = " . self::GRANT_PERMISSION . " AND \"GroupID\" IN ($groupCSV) |
||
313 | |||
314 | UNION |
||
315 | |||
316 | SELECT \"Code\" |
||
317 | FROM \"PermissionRoleCode\" PRC |
||
318 | INNER JOIN \"PermissionRole\" PR ON PRC.\"RoleID\" = PR.\"ID\" |
||
319 | INNER JOIN \"Group_Roles\" GR ON GR.\"PermissionRoleID\" = PR.\"ID\" |
||
320 | WHERE \"GroupID\" IN ($groupCSV) |
||
321 | ")->column()); |
||
322 | |||
323 | $denied = array_unique(DB::query(" |
||
324 | SELECT \"Code\" |
||
325 | FROM \"Permission\" |
||
326 | WHERE \"Type\" = " . self::DENY_PERMISSION . " AND \"GroupID\" IN ($groupCSV) |
||
327 | ")->column()); |
||
328 | |||
329 | return array_diff($allowed, $denied); |
||
330 | } |
||
331 | |||
332 | return array(); |
||
333 | } |
||
334 | |||
335 | |||
336 | /** |
||
337 | * Get the list of groups that the given member belongs to. |
||
338 | * |
||
339 | * Call without an argument to get the groups that the current member |
||
340 | * belongs to. In this case, the results will be session-cached. |
||
341 | * |
||
342 | * @param int $memberID The ID of the member. Leave blank for the current |
||
343 | * member. |
||
344 | * @return array Returns a list of group IDs to which the member belongs |
||
345 | * to or NULL. |
||
346 | */ |
||
347 | public static function groupList($memberID = null) |
||
348 | { |
||
349 | // Default to current member, with session-caching |
||
350 | if (!$memberID) { |
||
351 | $member = Security::getCurrentUser(); |
||
352 | if ($member && isset($_SESSION['Permission_groupList'][$member->ID])) { |
||
353 | return $_SESSION['Permission_groupList'][$member->ID]; |
||
354 | } |
||
355 | } else { |
||
356 | $member = DataObject::get_by_id("SilverStripe\\Security\\Member", $memberID); |
||
357 | } |
||
358 | |||
359 | if ($member) { |
||
360 | // Build a list of the IDs of the groups. Most of the heavy lifting |
||
361 | // is done by Member::Groups |
||
362 | // NOTE: This isn't effecient; but it's called once per session so |
||
363 | // it's a low priority to fix. |
||
364 | $groups = $member->Groups(); |
||
365 | $groupList = array(); |
||
366 | |||
367 | if ($groups) { |
||
368 | foreach ($groups as $group) { |
||
369 | $groupList[] = $group->ID; |
||
370 | } |
||
371 | } |
||
372 | |||
373 | |||
374 | // Session caching |
||
375 | if (!$memberID) { |
||
376 | $_SESSION['Permission_groupList'][$member->ID] = $groupList; |
||
377 | } |
||
378 | |||
379 | return isset($groupList) ? $groupList : null; |
||
380 | } |
||
381 | return null; |
||
382 | } |
||
383 | |||
384 | |||
385 | /** |
||
386 | * Grant the given permission code/arg to the given group |
||
387 | * |
||
388 | * @param int $groupID The ID of the group |
||
389 | * @param string $code The permission code |
||
390 | * @param string $arg Optional: The permission argument (e.g. a page ID). |
||
391 | * @returns Permission Returns the new permission object. |
||
392 | */ |
||
393 | public static function grant($groupID, $code, $arg = "any") |
||
394 | { |
||
395 | $perm = new Permission(); |
||
396 | $perm->GroupID = $groupID; |
||
397 | $perm->Code = $code; |
||
398 | $perm->Type = self::GRANT_PERMISSION; |
||
399 | |||
400 | // Arg component |
||
401 | switch ($arg) { |
||
402 | case "any": |
||
403 | break; |
||
404 | case "all": |
||
405 | $perm->Arg = -1; |
||
406 | break; |
||
407 | default: |
||
408 | if (is_numeric($arg)) { |
||
409 | $perm->Arg = $arg; |
||
410 | } else { |
||
411 | user_error( |
||
412 | "Permission::checkMember: bad arg '$arg'", |
||
413 | E_USER_ERROR |
||
414 | ); |
||
415 | } |
||
416 | } |
||
417 | |||
418 | $perm->write(); |
||
419 | return $perm; |
||
420 | } |
||
421 | |||
422 | |||
423 | /** |
||
424 | * Deny the given permission code/arg to the given group |
||
425 | * |
||
426 | * @param int $groupID The ID of the group |
||
427 | * @param string $code The permission code |
||
428 | * @param string $arg Optional: The permission argument (e.g. a page ID). |
||
429 | * @returns Permission Returns the new permission object. |
||
430 | */ |
||
431 | public static function deny($groupID, $code, $arg = "any") |
||
458 | } |
||
459 | |||
460 | /** |
||
461 | * Returns all members for a specific permission. |
||
462 | * |
||
463 | * @param string|array $code Either a single permission code, or a list of permission codes |
||
464 | * @return SS_List Returns a set of member that have the specified |
||
465 | * permission. |
||
466 | */ |
||
467 | public static function get_members_by_permission($code) |
||
468 | { |
||
469 | $toplevelGroups = self::get_groups_by_permission($code); |
||
470 | if (!$toplevelGroups) { |
||
471 | return new ArrayList(); |
||
472 | } |
||
473 | |||
474 | $groupIDs = array(); |
||
475 | foreach ($toplevelGroups as $group) { |
||
476 | $familyIDs = $group->collateFamilyIDs(); |
||
477 | if (is_array($familyIDs)) { |
||
478 | $groupIDs = array_merge($groupIDs, array_values($familyIDs)); |
||
479 | } |
||
480 | } |
||
481 | |||
482 | if (empty($groupIDs)) { |
||
483 | return new ArrayList(); |
||
484 | } |
||
485 | |||
486 | $groupClause = DB::placeholders($groupIDs); |
||
487 | /** @skipUpgrade */ |
||
488 | $members = Member::get() |
||
489 | ->where(array("\"Group\".\"ID\" IN ($groupClause)" => $groupIDs)) |
||
490 | ->leftJoin("Group_Members", '"Member"."ID" = "Group_Members"."MemberID"') |
||
491 | ->leftJoin("Group", '"Group_Members"."GroupID" = "Group"."ID"'); |
||
492 | |||
493 | return $members; |
||
494 | } |
||
495 | |||
496 | /** |
||
497 | * Return all of the groups that have one of the given permission codes |
||
498 | * @param array|string $codes Either a single permission code, or an array of permission codes |
||
499 | * @return SS_List The matching group objects |
||
500 | */ |
||
501 | public static function get_groups_by_permission($codes) |
||
502 | { |
||
503 | $codeParams = is_array($codes) ? $codes : array($codes); |
||
504 | $codeClause = DB::placeholders($codeParams); |
||
505 | |||
506 | // Via Roles are groups that have the permission via a role |
||
507 | /** @skipUpgrade */ |
||
508 | return Group::get() |
||
509 | ->where(array( |
||
510 | "\"PermissionRoleCode\".\"Code\" IN ($codeClause) OR \"Permission\".\"Code\" IN ($codeClause)" |
||
511 | => array_merge($codeParams, $codeParams) |
||
512 | )) |
||
513 | ->leftJoin('Permission', "\"Permission\".\"GroupID\" = \"Group\".\"ID\"") |
||
514 | ->leftJoin('Group_Roles', "\"Group_Roles\".\"GroupID\" = \"Group\".\"ID\"") |
||
515 | ->leftJoin('PermissionRole', "\"Group_Roles\".\"PermissionRoleID\" = \"PermissionRole\".\"ID\"") |
||
516 | ->leftJoin('PermissionRoleCode', "\"PermissionRoleCode\".\"RoleID\" = \"PermissionRole\".\"ID\""); |
||
517 | } |
||
518 | |||
519 | |||
520 | /** |
||
521 | * Get a list of all available permission codes, both defined through the |
||
522 | * {@link PermissionProvider} interface, and all not explicitly defined codes existing |
||
523 | * as a {@link Permission} database record. By default, the results are |
||
524 | * grouped as denoted by {@link Permission_Group}. |
||
525 | * |
||
526 | * @param bool $grouped Group results into an array of permission groups. |
||
527 | * @return array Returns an array of all available permission codes. The |
||
528 | * array indicies are the permission codes as used in |
||
529 | * {@link Permission::check()}. The value is a description |
||
530 | * suitable for using in an interface. |
||
531 | */ |
||
532 | public static function get_codes($grouped = true) |
||
533 | { |
||
534 | $classes = ClassInfo::implementorsOf('SilverStripe\\Security\\PermissionProvider'); |
||
535 | |||
536 | $allCodes = array(); |
||
537 | $adminCategory = _t(__CLASS__ . '.AdminGroup', 'Administrator'); |
||
538 | $allCodes[$adminCategory]['ADMIN'] = array( |
||
539 | 'name' => _t(__CLASS__ . '.FULLADMINRIGHTS', 'Full administrative rights'), |
||
540 | 'help' => _t( |
||
541 | 'SilverStripe\\Security\\Permission.FULLADMINRIGHTS_HELP', |
||
542 | 'Implies and overrules all other assigned permissions.' |
||
543 | ), |
||
544 | 'sort' => 100000 |
||
545 | ); |
||
546 | |||
547 | if ($classes) { |
||
548 | foreach ($classes as $class) { |
||
549 | $SNG = singleton($class); |
||
550 | if ($SNG instanceof TestOnly) { |
||
551 | continue; |
||
552 | } |
||
553 | |||
554 | $someCodes = $SNG->providePermissions(); |
||
555 | if ($someCodes) { |
||
556 | foreach ($someCodes as $k => $v) { |
||
557 | if (is_array($v)) { |
||
558 | // There must be a category and name key. |
||
559 | if (!isset($v['category'])) { |
||
560 | user_error( |
||
561 | "The permission $k must have a category key", |
||
562 | E_USER_WARNING |
||
563 | ); |
||
564 | } |
||
565 | if (!isset($v['name'])) { |
||
566 | user_error( |
||
567 | "The permission $k must have a name key", |
||
568 | E_USER_WARNING |
||
569 | ); |
||
570 | } |
||
571 | |||
572 | if (!isset($allCodes[$v['category']])) { |
||
573 | $allCodes[$v['category']] = array(); |
||
574 | } |
||
575 | |||
576 | $allCodes[$v['category']][$k] = array( |
||
577 | 'name' => $v['name'], |
||
578 | 'help' => isset($v['help']) ? $v['help'] : null, |
||
579 | 'sort' => isset($v['sort']) ? $v['sort'] : 0 |
||
580 | ); |
||
581 | } else { |
||
582 | $allCodes['Other'][$k] = array( |
||
583 | 'name' => $v, |
||
584 | 'help' => null, |
||
585 | 'sort' => 0 |
||
586 | ); |
||
587 | } |
||
588 | } |
||
589 | } |
||
590 | } |
||
591 | } |
||
592 | |||
593 | $flatCodeArray = array(); |
||
594 | foreach ($allCodes as $category) { |
||
595 | foreach ($category as $code => $permission) { |
||
596 | $flatCodeArray[] = $code; |
||
597 | } |
||
598 | } |
||
599 | $otherPerms = DB::query("SELECT DISTINCT \"Code\" From \"Permission\" WHERE \"Code\" != ''")->column(); |
||
600 | |||
601 | if ($otherPerms) { |
||
602 | foreach ($otherPerms as $otherPerm) { |
||
603 | if (!in_array($otherPerm, $flatCodeArray)) { |
||
604 | $allCodes['Other'][$otherPerm] = array( |
||
605 | 'name' => $otherPerm, |
||
606 | 'help' => null, |
||
607 | 'sort' => 0 |
||
608 | ); |
||
609 | } |
||
610 | } |
||
611 | } |
||
612 | |||
613 | // Don't let people hijack ADMIN rights |
||
614 | if (!Permission::check("ADMIN")) { |
||
615 | unset($allCodes['ADMIN']); |
||
616 | } |
||
617 | |||
618 | ksort($allCodes); |
||
619 | |||
620 | $returnCodes = array(); |
||
621 | foreach ($allCodes as $category => $permissions) { |
||
622 | if ($grouped) { |
||
623 | uasort($permissions, array(__CLASS__, 'sort_permissions')); |
||
624 | $returnCodes[$category] = $permissions; |
||
625 | } else { |
||
626 | $returnCodes = array_merge($returnCodes, $permissions); |
||
627 | } |
||
628 | } |
||
629 | |||
630 | return $returnCodes; |
||
631 | } |
||
632 | |||
633 | /** |
||
634 | * Sort permissions based on their sort value, or name |
||
635 | * |
||
636 | * @param array $a |
||
637 | * @param array $b |
||
638 | * @return int |
||
639 | */ |
||
640 | public static function sort_permissions($a, $b) |
||
641 | { |
||
642 | if ($a['sort'] == $b['sort']) { |
||
643 | // Same sort value, do alpha instead |
||
644 | return strcmp($a['name'], $b['name']); |
||
645 | } else { |
||
646 | // Just numeric. |
||
647 | return $a['sort'] < $b['sort'] ? -1 : 1; |
||
648 | } |
||
649 | } |
||
650 | |||
651 | /** |
||
652 | * Get a linear list of the permissions in the system. |
||
653 | * |
||
654 | * @return array Linear list of declared permissions in the system. |
||
655 | * @deprecated 4.4.0 |
||
656 | */ |
||
657 | public static function get_declared_permissions_list() |
||
658 | { |
||
659 | if (!self::$declared_permissions) { |
||
660 | return null; |
||
661 | } |
||
662 | |||
663 | if (self::$declared_permissions_list) { |
||
664 | return self::$declared_permissions_list; |
||
665 | } |
||
666 | |||
667 | self::$declared_permissions_list = array(); |
||
668 | |||
669 | self::traverse_declared_permissions(self::$declared_permissions, self::$declared_permissions_list); |
||
670 | |||
671 | return self::$declared_permissions_list; |
||
672 | } |
||
673 | |||
674 | /** |
||
675 | * Look up the human-readable title for the permission as defined by <code>Permission::declare_permissions</code> |
||
676 | * |
||
677 | * @param string $perm Permission code |
||
678 | * @return string Label for the given permission, or the permission itself if the label doesn't exist |
||
679 | * @deprecated 4.4.0 |
||
680 | */ |
||
681 | public static function get_label_for_permission($perm) |
||
682 | { |
||
683 | $list = self::get_declared_permissions_list(); |
||
684 | if (array_key_exists($perm, $list)) { |
||
685 | return $list[$perm]; |
||
686 | } |
||
687 | return $perm; |
||
688 | } |
||
689 | |||
690 | /** |
||
691 | * Recursively traverse the nested list of declared permissions and create |
||
692 | * a linear list. |
||
693 | * |
||
694 | * @param array $declared Nested structure of permissions. |
||
695 | * @param array $list List of permissions in the structure. The result will be |
||
696 | * written to this array. |
||
697 | * @deprecated 4.4.0 |
||
698 | */ |
||
699 | protected static function traverse_declared_permissions($declared, &$list) |
||
700 | { |
||
701 | if (!is_array($declared)) { |
||
702 | return; |
||
703 | } |
||
704 | |||
705 | foreach ($declared as $perm => $value) { |
||
706 | if ($value instanceof Permission_Group) { |
||
707 | $list[] = $value->getName(); |
||
708 | self::traverse_declared_permissions($value->getPermissions(), $list); |
||
709 | } else { |
||
710 | $list[$perm] = $value; |
||
711 | } |
||
712 | } |
||
713 | } |
||
714 | |||
715 | public function onBeforeWrite() |
||
721 | } |
||
722 | |||
723 | public static function get_template_global_variables() |
||
724 | { |
||
725 | return array( |
||
726 | 'HasPerm' => 'check' |
||
727 | ); |
||
728 | } |
||
729 | |||
730 | public function provideI18nEntities() |
||
740 | } |
||
741 | } |
||
742 |