📄 gacl_api.php
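* @return bool Returns true if conflict is found.
*
* @param array $aco_array Associative array, key={Section Value}, item={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
* @param array $aro_array Associative array, key={Section Value}, item={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
* @param array $aro_group_ids Array of Group IDs (accepted for signature parity; not read by this check)
* @param array $axo_array Associative array, key={Section Value}, item={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
* @param array $axo_group_ids Array of Group IDs (accepted for signature parity; not read by this check)
* @param array $ignore_acl_ids Array of ACL IDs to ignore from the result set.
*
* Returns FALSE (no conflict) when $aco_array or $aro_array is not an array.
* Every object value is passed through $this->db->quote() before it is placed
* in an IN (...) list, the same way the section values already are, instead of
* being wrapped in hand-written quote characters.
*/
function is_conflicting_acl($aco_array, $aro_array, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $ignore_acl_ids=NULL) {
	//Check for potential conflicts. Ignore groups, as groups will almost always have "conflicting" ACLs.
	//Thats part of inheritance.

	if (!is_array($aco_array)) {
		$this->debug_text('is_conflicting_acl(): Invalid ACO Array.');
		return FALSE;
	}

	if (!is_array($aro_array)) {
		$this->debug_text('is_conflicting_acl(): Invalid ARO Array.');
		return FALSE;
	}

	$prefix = $this->_db_table_prefix;

	//The map tables are LEFT JOINed so that ACLs without AXO rows still show up.
	$query = ' SELECT a.id FROM '. $prefix .'acl a'
		.' LEFT JOIN '. $prefix .'aco_map ac ON ac.acl_id=a.id'
		.' LEFT JOIN '. $prefix .'aro_map ar ON ar.acl_id=a.id'
		.' LEFT JOIN '. $prefix .'axo_map ax ON ax.acl_id=a.id'
		.' LEFT JOIN '. $prefix .'axo_groups_map axg ON axg.acl_id=a.id'
		.' LEFT JOIN '. $prefix .'axo_groups xg ON xg.id=axg.group_id ';

	//ACO
	foreach ($aco_array as $aco_section_value => $aco_value_array) {
		$this->debug_text("is_conflicting_acl(): ACO Section Value: $aco_section_value ACO VALUE: $aco_value_array");

		if (!is_array($aco_value_array)) {
			$this->debug_text('is_conflicting_acl(): Invalid Format for ACO Array item. Skipping...');
			continue;
		}

		//The ac.acl_id=a.id condition lives in the LEFT JOIN above for PostgreSQL sake.
		//The WHERE parts are rebuilt from scratch for every ACO section.
		$where_query = array(
			'ac2' => '(ac.section_value='. $this->db->quote($aco_section_value) .' AND ac.value IN ('. $this->_quote_value_list($aco_value_array) .'))'
		);

		//ARO
		foreach ($aro_array as $aro_section_value => $aro_value_array) {
			$this->debug_text("is_conflicting_acl(): ARO Section Value: $aro_section_value ARO VALUE: $aro_value_array");

			if (!is_array($aro_value_array)) {
				$this->debug_text('is_conflicting_acl(): Invalid Format for ARO Array item. Skipping...');
				continue;
			}

			$this->debug_text("is_conflicting_acl(): Search: ACO Section: $aco_section_value ACO Value: $aco_value_array ARO Section: $aro_section_value ARO Value: $aro_value_array");

			//The ar.acl_id=a.id condition lives in the LEFT JOIN above for PostgreSQL sake.
			$where_query['ar2'] = '(ar.section_value='. $this->db->quote($aro_section_value) .' AND ar.value IN ('. $this->_quote_value_list($aro_value_array) .'))';

			if (is_array($axo_array) AND count($axo_array) > 0) {
				//One query per AXO section: look for ACLs mapping the same ACO, ARO and AXO.
				foreach ($axo_array as $axo_section_value => $axo_value_array) {
					$this->debug_text("is_conflicting_acl(): AXO Section Value: $axo_section_value AXO VALUE: $axo_value_array");

					if (!is_array($axo_value_array)) {
						$this->debug_text('is_conflicting_acl(): Invalid Format for AXO Array item. Skipping...');
						continue;
					}

					$this->debug_text("is_conflicting_acl(): Search: ACO Section: $aco_section_value ACO Value: $aco_value_array ARO Section: $aro_section_value ARO Value: $aro_value_array AXO Section: $axo_section_value AXO Value: $axo_value_array");

					$where_query['ax1'] = 'ax.acl_id=a.id';
					$where_query['ax2'] = '(ax.section_value='. $this->db->quote($axo_section_value) .' AND ax.value IN ('. $this->_quote_value_list($axo_value_array) .'))';

					$where = 'WHERE ' . implode(' AND ', $where_query);

					$conflict_result = $this->db->GetCol($query . $where);

					if (is_array($conflict_result) AND !empty($conflict_result)) {
						if (is_array($ignore_acl_ids)) {
							$conflict_result = array_diff($conflict_result, $ignore_acl_ids);
						}

						if (count($conflict_result) > 0) {
							$conflicting_acls_str = implode(',', $conflict_result);
							$this->debug_text("is_conflicting_acl(): Conflict FOUND!!! ACL_IDS: ($conflicting_acls_str)");
							return TRUE;
						}
					}
				}
			} else {
				//No AXOs given: only ACLs without any AXO or AXO group mapping can conflict.
				$where_query['ax1'] = '(ax.section_value IS NULL AND ax.value IS NULL)';
				$where_query['ax2'] = 'xg.name IS NULL';

				$where = 'WHERE ' . implode(' AND ', $where_query);

				$conflict_result = $this->db->GetCol($query . $where);

				if (is_array($conflict_result) AND !empty($conflict_result)) {
					if (is_array($ignore_acl_ids)) {
						$conflict_result = array_diff($conflict_result, $ignore_acl_ids);
					}

					if (count($conflict_result) > 0) {
						$conflicting_acls_str = implode(',', $conflict_result);
						$this->debug_text("is_conflicting_acl(): Conflict FOUND!!! ACL_IDS: ($conflicting_acls_str)");
						return TRUE;
					}
				}
			}
		}
	}

	$this->debug_text('is_conflicting_acl(): No conflicting ACL found.');
	return FALSE;
}

/**
 * _quote_value_list()
 *
 * Builds the comma separated body of an SQL IN (...) list, passing every
 * value through the database driver's quote() method.
 *
 * NOTE(review): this relies on quote() both wrapping and escaping the value,
 * as its existing use for section values implies - confirm against the driver.
 *
 * @return string Quoted, comma separated values; one quoted empty string when $values is empty.
 *
 * @param array Object values to place in the list
 */
function _quote_value_list($values) {
	$quoted = array();

	foreach ($values as $value) {
		$quoted[] = $this->db->quote($value);
	}

	if (count($quoted) == 0) {
		//Keep the historical "IN ('')" for an empty list; "IN ()" is not valid SQL.
		$quoted[] = $this->db->quote('');
	}

	return implode(',', $quoted);
}

/**
 * add_acl()
 *
 * Adds an ACL. ACO_IDS, ARO_IDS, GROUP_IDS must all be arrays.
 *
 * @return int|bool Return ACL ID of new ACL if successful, FALSE otherwise.
 *
 * @param array Associative array, key={Section Value}, item={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
 * @param array Associative array, key={Section Value}, item={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
 * @param array Array of Group IDs
 * @param array Associative array, key={Section Value}, item={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]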
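* @param array $axo_group_ids Array of Group IDs
* @param int $allow Allow flag
* @param int $enabled Enabled flag
* @param string $return_value Return Value
* @param string $note Note
* @param string $section_value ACL Section Value
* @param int $acl_id ACL ID # Specific Request
*
* When $acl_id names an existing ACL the row is updated and all of its
* mappings are deleted and re-inserted; otherwise a new row is inserted.
* Any failure after the transaction has begun rolls it back and returns FALSE.
* Numeric columns (id, allow, enabled, group_id) are cast to int before they
* are concatenated into SQL; string columns go through $this->db->quote().
*/
function add_acl($aco_array, $aro_array, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $allow=1, $enabled=1, $return_value=NULL, $note=NULL, $section_value=NULL, $acl_id=FALSE ) {

	$this->debug_text("add_acl():");

	//Test the type before counting: count() on NULL (the default for the group
	//arguments) raises a warning or a TypeError on current PHP versions.
	if (!is_array($aco_array) OR count($aco_array) == 0) {
		$this->debug_text("Must select at least one Access Control Object");
		return false;
	}

	$aro_count = is_array($aro_array) ? count($aro_array) : 0;
	$aro_group_count = is_array($aro_group_ids) ? count($aro_group_ids) : 0;

	if ($aro_count == 0 AND $aro_group_count == 0) {
		$this->debug_text("Must select at least one Access Request Object or Group");
		return false;
	}

	if (empty($allow)) {
		$allow=0;
	}

	if (empty($enabled)) {
		$enabled=0;
	}

	if (!empty($section_value)
		AND !$this->get_object_section_section_id(NULL, $section_value, 'ACL')) {
		$this->debug_text("add_acl(): Section Value: $section_value DOES NOT exist in the database.");
		return false;
	}

	//Unique the group arrays. Later one we unique ACO/ARO/AXO arrays.
	if (is_array($aro_group_ids)) {
		$aro_group_ids = array_unique($aro_group_ids);
	}
	if (is_array($axo_group_ids)) {
		$axo_group_ids = array_unique($axo_group_ids);
	}

	//Check for conflicting ACLs. The ACL being edited (if any) is excluded from the check.
	if ($this->is_conflicting_acl($aco_array,$aro_array,$aro_group_ids,$axo_array,$axo_group_ids,array($acl_id))) {
		$this->debug_text("add_acl(): Detected possible ACL conflict, not adding ACL!");
		return false;
	}

	//Edit ACL if acl_id is set. This is simply if we're being called by edit_acl().
	if ($this->get_acl($acl_id) == FALSE) {
		if ( empty($section_value) ) {
			$section_value='system';
			if( !$this->get_object_section_section_id(NULL, $section_value, 'ACL') ) {
				// Use the acl section with the lowest order value.
				// NOTE(review): $acl_section_order_value is read back from the database and
				// interpolated unquoted; if acl_sections is empty the second query is
				// malformed - confirm how GetOne() reports that case.
				$acl_sections_table = $this->_db_table_prefix .'acl_sections';
				$acl_section_order_value = $this->db->GetOne("SELECT min(order_value) from $acl_sections_table");

				$query = " SELECT value FROM $acl_sections_table WHERE order_value = $acl_section_order_value ";
				$section_value = $this->db->GetOne($query);

				if ( empty($section_value) ) {
					$this->debug_text("add_acl(): No valid acl section found.");
					return false;
				} else {
					$this->debug_text("add_acl(): Using default section value: $section_value.");
				}
			}
		}

		//ACL not specified, so create acl_id
		if (empty($acl_id)) {
			//Create ACL row first, so we have the acl_id
			$acl_id = $this->db->GenID($this->_db_table_prefix.'acl_seq',10);

			//Double check the ACL ID was generated.
			if (empty($acl_id)) {
				// Not Required in Joomla! (yet)
				//$this->debug_text("add_acl(): ACL_ID generation failed!");
				//return false;
			}
		}

		//Begin transaction _after_ GenID. Because on the first run, if GenID has to create the sequence,
		//the transaction will fail.
		$this->db->BeginTrans();

		//id, allow and enabled are cast to int, matching the UPDATE branch below.
		$query = 'INSERT INTO '. $this->_db_table_prefix .'acl (id,section_value,allow,enabled,return_value,note,updated_date) VALUES('
			. (int) $acl_id .','
			. $this->db->quote($section_value) .','
			. (int) $allow .','
			. (int) $enabled .','
			. $this->db->quote($return_value) .','
			. $this->db->quote($note) .','
			. time() .')';
		$result = $this->db->Execute($query);

		// Joomla/MySQL
		$acl_id = $this->db->insertid();
	} else {
		$section_sql = '';
		if ( !empty($section_value) ) {
			$section_sql = 'section_value='. $this->db->quote ($section_value) .',';
		}

		$this->db->BeginTrans();

		//Update ACL row, and remove all mappings so they can be re-inserted.
		$query = ' UPDATE '. $this->_db_table_prefix .'acl SET ' . $section_sql
			. ' allow='. (int) $allow
			.', enabled='. (int) $enabled
			.', return_value='. $this->db->quote($return_value)
			.', note='. $this->db->quote($note)
			.', updated_date='. time()
			.' WHERE id='. (int) $acl_id;
		$result = $this->db->Execute($query);

		if ($result) {
			$this->debug_text("Update completed without error, delete mappings...");

			//Delete all mappings so they can be re-inserted.
			foreach (array('aco_map', 'aro_map', 'axo_map', 'aro_groups_map', 'axo_groups_map') as $map) {
				$query = 'DELETE FROM '. $this->_db_table_prefix . $map .' WHERE acl_id='. (int) $acl_id;
				$rs = $this->db->Execute($query);

				if (!is_object($rs)) {
					$this->debug_db('add_acl');
					$this->db->RollBackTrans();
					return FALSE;
				}
			}
		}
	}

	if (!is_object($result)) {
		$this->debug_db('add_acl');
		$this->db->RollBackTrans();
		return false;
	}

	$this->debug_text("Insert or Update completed without error, insert new mappings.");

	// Insert ACO/ARO/AXO mappings
	$object_maps = array('aco' => $aco_array, 'aro' => $aro_array, 'axo' => $axo_array);

	foreach ($object_maps as $map => $map_array) {
		if (!is_array ($map_array)) {
			continue;
		}

		foreach ($map_array as $map_section_value => $value_array) {
			$this->debug_text ('Insert: '. strtoupper($map) .' Section Value: '. $map_section_value .' '. strtoupper($map) .' VALUE: '. $value_array);

			if (!is_array($value_array)) {
				$this->debug_text ('add_acl (): Invalid Format for '. strtoupper ($map) .' Array item. Skipping...');
				continue;
			}

			$value_array = array_unique($value_array);

			foreach ($value_array as $value) {
				//Only objects that already exist may be mapped; an unknown one aborts the whole ACL.
				$object_id = $this->get_object_id($map_section_value, $value, $map);

				if (empty($object_id)) {
					$this->debug_text('add_acl(): '. strtoupper($map) . " Object Section Value: $map_section_value Value: $value DOES NOT exist in the database. Skipping...");
					$this->db->RollBackTrans();
					return false;
				}

				$query = 'INSERT INTO '. $this->_db_table_prefix . $map .'_map (acl_id,section_value,value) VALUES ('. (int) $acl_id .', '. $this->db->quote($map_section_value) .', '. $this->db->quote($value) .')';
				$rs = $this->db->Execute($query);

				if (!is_object($rs)) {
					$this->debug_db('add_acl');
					$this->db->RollBackTrans();
					return false;
				}
			}
		}
	}

	// Insert ARO/AXO GROUP mappings
	$group_maps = array('aro' => $aro_group_ids, 'axo' => $axo_group_ids);

	foreach ($group_maps as $map => $map_group_ids) {
		if (!is_array($map_group_ids)) {
			continue;
		}

		foreach ($map_group_ids as $group_id) {
			$this->debug_text ('Insert: '. strtoupper($map) .' GROUP ID: '. $group_id);

			$group_data = $this->get_group_data($group_id, $map);

			if (empty($group_data)) {
				$this->debug_text('add_acl(): '. strtoupper($map) . " Group: $group_id DOES NOT exist in the database. Skipping...");
				$this->db->RollBackTrans();
				return false;
			}

			$query = 'INSERT INTO '. $this->_db_table_prefix . $map .'_groups_map (acl_id,group_id) VALUES ('. (int) $acl_id .', '. (int) $group_id .')';
			$rs = $this->db->Execute($query);

			if (!is_object($rs)) {
				$this->debug_db('add_acl');
				$this->db->RollBackTrans();
				return false;
			}
		}
	}

	$this->db->CommitTrans();

	if ($this->_caching == TRUE AND $this->_force_cache_expire == TRUE) {
		//Expire all cache.
		$this->Cache_Lite->clean('default');
	}

	//Return only the ID in the first row.
	return $acl_id;
}

/**
 * edit_acl()
 *
 * Edit's an ACL, ACO_IDS, ARO_IDS, GROUP_IDS must all be arrays.
 *
 * @return bool Return TRUE if successful, FALSE otherewise.
 *
 * @param int ACL ID # to edit
 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]
 * @param array Array of Group IDs
 * @param array Associative array, item={Section Value}, key={Array of Object Values} i.e. ["<Section Value>" => ["<Value 1>", "<Value 2>", "<Value 3>"], ...]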
* @param array Array of Group IDs * @param int Allow flag * @param int Enabled flag * @param string Return Value * @param string Note * @param string ACL Section Value */ function edit_acl($acl_id, $aco_array, $aro_array, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $allow=1, $enabled=1, $return_value=NULL, $note=NULL, $section_value=NULL) { $this->debug_text("edit_acl():"); if (empty($acl_id) ) { $this->debug_text("edit_acl(): Must specify a single ACL_ID to edit"); return false; } if (count($aco_array) == 0) { $this->debug_text("edit_acl(): Must select at least one Access Control Object");