Zgragselus

perm

Sep 10th, 2023
  1. <?php
  2.  
  3. /*
  4.  
  5. This file is subject to the terms and conditions defined in
  6. file 'LICENSE', which is part of this source code package.
  7.  
  8. © 2022 OtteIT s.r.o.
  9. All Rights Reserved.
  10.  
  11. Author: Vilem Otte <dev@otte.cz>
  12.  
  13. */
  14.  
  15. require_once(__DIR__."/../db.php");
  16.  
  17. /**
  18.  * Permission class
  19.  *
  20.  * Functionality for permission creating, deleting, reading and updating
  21.  */
  22. class Permission
  23. {
  24.     /**
  25.      * Database class instance
  26.      */
  27.     private $conn;
  28.  
  29.     /**
  30.      * Permission ID
  31.      */
  32.     public $id;
  33.  
  34.     /**
  35.      * User's ID (for whom the permission record is)
  36.      */
  37.     public $user_id;
  38.  
  39.     /**
  40.      * User's role
  41.      */
  42.     public $role;
  43.  
  44.     /**
  45.      * User's permission level
  46.      */
  47.     public $level;
  48.  
  49.     /**
  50.      * READ permission (allows reading records)
  51.      */
  52.     public const READ = 1;
  53.  
  54.     /**
  55.      * WRITE_SELF permission (allows reading and updating own records)
  56.      */
  57.     public const WRITE_SELF = 2;
  58.  
  59.     /**
  60.      * WRITE permission (allows reading and writing records)
  61.      */
  62.     public const WRITE = 4;
  63.    
  64.     /**
  65.      * Constructor
  66.      *
  67.      * @param Database Database connection instance - dbconn
  68.      */
  69.     public function __construct($dbconn)
  70.     {
  71.         $this->conn = $dbconn;
  72.  
  73.         $this->id = null;
  74.         $this->user_id = null;
  75.         $this->role = null;
  76.         $this->level = null;
  77.     }
  78.  
  79.     /**
  80.      * Creates permission record
  81.      *
  82.      * Creates single permission record for specific user, with specific role and level. If such record exists, error is raised
  83.      *
  84.      * @return mixed Permission record ID on success, null on failure
  85.      */
  86.     public function Create()
  87.     {
  88.         $queryCheck = "SELECT * FROM permission WHERE user_id = '" . $this->conn->EscapeString($this->user_id) . "' AND role = '" . $this->conn->EscapeString($this->role) . "'";
  89.         $resultCheck = $this->conn->Query($queryCheck);
  90.         if ($resultCheck != false)
  91.         {
  92.             if ($this->conn->GetRowsCount($resultCheck) > 0)
  93.             {
  94.                 $this->conn->SetError("Permission record for user ID '" . $this->conn->EscapeString($this->user_id) . "' and role '" . $this->conn->EscapeString($this->role) . "' already exists!");
  95.                 return null;
  96.             }
  97.         }
  98.  
  99.         $query = "INSERT INTO permission (user_id, role, level) VALUES('" . $this->conn->EscapeString($this->user_id) . "', '" . $this->conn->EscapeString($this->role) . "', '" . $this->conn->EscapeString($this->level) . "')";
  100.  
  101.         $result = $this->conn->Query($query);
  102.  
  103.         if ($result == false)
  104.         {
  105.             return null;
  106.         }
  107.         else
  108.         {
  109.             $this->id = $this->conn->GetLastInsertID();
  110.             return $this->id;
  111.         }
  112.     }
  113.  
  114.     /**
  115.      * Reads permission records
  116.      *
  117.      * Reads permission records, optionally for specific user and/or role
  118.      *
  119.      * @return mixed Null on failure, array of objects on success
  120.      */
  121.     public function Read()
  122.     {
  123.         $query = "SELECT * FROM permission WHERE 1 = 1 ";
  124.  
  125.         if ($this->user_id != null)
  126.         {
  127.             $query .= " AND user_id = '" . $this->conn->EscapeString($this->user_id) . "'";
  128.         }
  129.  
  130.         if ($this->role != null)
  131.         {
  132.             $query .= " AND role = '" . $this->conn->EscapeString($this->role) . "'";
  133.         }
  134.  
  135.         $result = $this->conn->Query($query);
  136.         if ($result == false)
  137.         {
  138.             return null;
  139.         }
  140.         else
  141.         {
  142.             $numRows = $this->conn->GetRowsCount($result);
  143.  
  144.             if ($numRows > 0)
  145.             {
  146.                 $output = [];
  147.    
  148.                 for ($i = 0; $i < $numRows; $i++)
  149.                 {
  150.                     $row = $this->conn->GetRow($result, $i);
  151.    
  152.                     $output[$i] = (object)array();
  153.                     $output[$i]->id = $row['id'];
  154.                     $output[$i]->user_id = $row['user_id'];
  155.                     $output[$i]->role = $row['role'];
  156.                     $output[$i]->level = $row['level'];
  157.                 }
  158.    
  159.                 return $output;
  160.             }
  161.             else
  162.             {
  163.                 $output = [];
  164.    
  165.                 $output[0] = (object)array();
  166.                 $output[0]->id = $row['id'];
  167.                 $output[0]->user_id = $row['user_id'];
  168.                 $output[0]->role = $row['role'];
  169.                 $output[0]->level = Permission::READ;
  170.    
  171.                 return $output;
  172.             }
  173.         }
  174.     }
  175.  
  176.     /**
  177.      * Check permission
  178.      *
  179.      * Checks permission for specific user with specific role at required level
  180.      *
  181.      * @param int $user_id User ID for which we check permission
  182.      * @param string $role Permission role to check for user
  183.      * @param int $level Permission level that is required
  184.      *
  185.      * @return mixed Null on query failure, false when permission is not granted, true when granted
  186.      */
  187.     public function Check($user_id, $role, $level)
  188.     {
  189.         $query = "SELECT * FROM permission WHERE user_id = '" . $this->conn->EscapeString($user_id) . "' AND role = '" . $this->conn->EscapeString($role) . "'";
  190.  
  191.         $result = $this->conn->Query($query);
  192.         if ($result == false)
  193.         {
  194.             return null;
  195.         }
  196.         else
  197.         {
  198.             $numRows = $this->conn->GetRowsCount($result);
  199.  
  200.             for ($i = 0; $i < $numRows; $i++)
  201.             {
  202.                 $row = $this->conn->GetRow($result, $i);
  203.  
  204.                 if ((intval($level) & intval($row['level'])) > 0)
  205.                 {
  206.                     return true;
  207.                 }
  208.             }
  209.         }
  210.  
  211.         return false;
  212.     }
  213.  
  214.     /**
  215.      * Update permission record
  216.      *
  217.      * Updates single permission record, sets permission role and permission level for given record
  218.      *
  219.      * @return mixed Null on failure, true on success
  220.      */
  221.     public function Update()
  222.     {
  223.         $query = "UPDATE permission SET
  224.            role = '" . $this->conn->EscapeString($this->role) . "',
  225.            level = '" . $this->conn->EscapeString($this->level) . "' ";
  226.  
  227.         $query .= "WHERE id = '" . $this->conn->EscapeString($this->id) . "'";
  228.  
  229.         $result = $this->conn->Query($query);
  230.         if ($result == false)
  231.         {
  232.             return null;
  233.         }
  234.         else
  235.         {
  236.             return true;
  237.         }
  238.     }
  239.  
  240.     /**
  241.      * Delete permission record
  242.      *
  243.      * Removes permission record from database
  244.      *
  245.      * @return mixed Null on failure, true on success
  246.      */
  247.     public function Delete()
  248.     {
  249.         $query = "DELETE FROM permission WHERE id = '" . $this->conn->EscapeString($this->id) . "'";
  250.  
  251.         $result = $this->conn->Query($query);
  252.         if ($result == false)
  253.         {
  254.             return null;
  255.         }
  256.         else
  257.         {
  258.             return true;
  259.         }
  260.     }
  261. }
  262.  