gacl.php

Joomla!是一套获得过多个奖项的内容管理系统(Content Management System, CMS)。Joomla!采用PHP+MySQL数据库开发

<?php
// $Id: gacl.php 10381 2008-06-01 03:35:53Z pasamio $

/**
 * phpGACL - Generic Access Control List
 * Copyright (C) 2002,2003 Mike Benoit
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * For questions, help, comments, discussion, etc., please join the
 * phpGACL mailing list. http://sourceforge.net/mail/?group_id=57103
 *
 * You may contact the author of phpGACL by e-mail at:
 * ipso@snappymail.ca
 *
 * The latest version of phpGACL can be obtained from:
 * http://phpgacl.sourceforge.net/
 *
 * @package phpGACL
 */

/*
 * Path to ADODB.
 */
//if ( !defined('ADODB_DIR') ) {
//	define('ADODB_DIR', dirname(__FILE__).'/adodb');
//}
// Causing conflicts with 3rd party apps using adodb

/**
* phpGACL main class
*
* Class gacl should be used in applications where only querying the phpGACL
* database is required.
*
* @package phpGACL
* @author Mike Benoit <ipso@snappymail.ca>
*/
class gacl {
	/*
	--- Private properties ---
	*/
	/** @var boolean Enables Debug output if true */
	var $_debug = FALSE;

	/**
	 * Joomla usage
	 */
	var $_debugLog = null;

	/*
	--- Database configuration. ---
	*/
	/** @var string Prefix for all the phpgacl tables in the database */
	var $_db_table_prefix = '';

	/** @var string The database type, based on available ADODB connectors - mysql, postgres7, sybase, oci8po See here for more: http://php.weblogs.com/adodb_manual#driverguide */
	var $_db_type = 'mysql';

	/** @var string The database server */
	var $_db_host = 'localhost';

	/** @var string The database user name */
	var $_db_user = 'root';

	/** @var string The database user password */
	var $_db_password = '';

	/** @var string The database name */
	var $_db_name = 'gacl';

	/** @var object An ADODB database connector object */
	var $_db = '';

	/*
	 * NOTE: 	This cache must be manually cleaned each time ACL's are modified.
	 * 		Alternatively you could wait for the cache to expire.
	 */

	/** @var boolean Caches queries if true */
	var $_caching = FALSE;

	/** @var boolean Force cache to expire */
	var $_force_cache_expire = TRUE;

	/** @var string The directory for cache file to eb written (ensure write permission are set) */
	var $_cache_dir = '/tmp/phpgacl_cache'; // NO trailing slash

	/** @var int The time for the cache to expire in seconds - 600 == Ten Minutes */
	var $_cache_expire_time=600;

	/** @var string A switch to put acl_check into '_group_' mode */
	var $_group_switch = '_group_';

	/**
	 * Constructor
	 * @param array An arry of options to oeverride the class defaults
	 */
	function gacl($options = NULL) {

		$available_options = array('db','debug','items_per_page','max_select_box_items','max_search_return_items','db_table_prefix','db_type','db_host','db_user','db_password','db_name','caching','force_cache_expire','cache_dir','cache_expire_time');
		if (is_array($options)) {
			foreach ($options as $key => $value) {
				$this->debug_text("Option: $key");

				if (in_array($key, $available_options) ) {
					$this->debug_text("Valid Config options: $key");
					$property = '_'.$key;
					$this->$property = $value;
				} else {
					$this->debug_text("ERROR: Config option: $key is not a valid option");
				}
			}
		}

		//Use NUM for slight performance/memory reasons.
		//Leave this in for backwards compatibility with older ADODB installations.
		//If your using ADODB v3.5+ feel free to comment out the following line if its giving you problems.
		//$ADODB_FETCH_MODE = ADODB_FETCH_NUM;

		if (is_object($this->_db)) {
			$this->db = &$this->_db;
		} else {
			require_once( ADODB_DIR .'/adodb.inc.php');
			require_once( ADODB_DIR .'/adodb-pager.inc.php');

			$this->db = ADONewConnection($this->_db_type);
			$this->db->SetFetchMode(ADODB_FETCH_NUM);
			$this->db->PConnect($this->_db_host, $this->_db_user, $this->_db_password, $this->_db_name);
		}
		$this->db->debug = $this->_debug;

		if ( $this->_caching == TRUE ) {
			if (!class_exists('Hashed_Cache_Lite')) {
				require_once(dirname(__FILE__) .'/Cache_Lite/Hashed_Cache_Lite.php');
			}

			/*
			 * Cache options. We default to the highest performance. If you run in to cache corruption problems,
			 * Change all the 'false' to 'true', this will slow things down slightly however.
			 */

			$cache_options = array(
				'caching' => $this->_caching,
				'cacheDir' => $this->_cache_dir.'/',
				'lifeTime' => $this->_cache_expire_time,
				'fileLocking' => TRUE,
				'writeControl' => FALSE,
				'readControl' => FALSE,
				'memoryCaching' => TRUE,
				'automaticSerialization' => FALSE
			);
			$this->Cache_Lite = new Hashed_Cache_Lite($cache_options);
		}

		return true;
	}

	/**
	* Prints debug text if debug is enabled.
	* @param string THe text to output
	* @return boolean Always returns true
	*/
	function debug_text($text) {
		if (!$this->_debugLog)
		{
			$this->_debugLog = array();
		}

		$this->_debugLog[] = $text;
		if ($this->_debug) {
			echo "$text<br>\n";
		}

		return true;
	}

	/**
	* Prints database debug text if debug is enabled.
	* @param string The name of the function calling this method
	* @return string Returns an error message
	*/
	function debug_db($function_name = '') {
		if ($function_name != '') {
			$function_name .= ' (): ';
		}

		return $this->debug_text ($function_name .'database error: '. $this->db->ErrorMsg() .' ('. $this->db->ErrorNo() .')');
	}

	/**
	* Wraps the actual acl_query() function.
	*
	* It is simply here to return TRUE/FALSE accordingly.
	* @param string The ACO section value
	* @param string The ACO value
	* @param string The ARO section value
	* @param string The ARO section
	* @param string The AXO section value (optional)
	* @param string The AXO section value (optional)
	* @param integer The group id of the ARO ??Mike?? (optional)
	* @param integer The group id of the AXO ??Mike?? (optional)
	* @return boolean TRUE if the check succeeds, false if not.
	*/
	function acl_check($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $root_aro_group=NULL, $root_axo_group=NULL) {
		$acl_result = $this->acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value, $root_aro_group, $root_axo_group);

		return $acl_result['allow'];
	}

	/**
	* Wraps the actual acl_query() function.
	*
	* Quick access to the return value of an ACL.
	* @param string The ACO section value
	* @param string The ACO value
	* @param string The ARO section value
	* @param string The ARO section
	* @param string The AXO section value (optional)
	* @param string The AXO section value (optional)
	* @param integer The group id of the ARO (optional)
	* @param integer The group id of the AXO (optional)
	* @return string The return value of the ACL
	*/
	function acl_return_value($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $root_aro_group=NULL, $root_axo_group=NULL) {
		$acl_result = $this->acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value, $root_aro_group, $root_axo_group);

		return $acl_result['return_value'];
	}

	/**
	 * Handles ACL lookups over arrays of AROs
	 * @param string The ACO section value
	 * @param string The ACO value
	* @param array An named array of arrays, each element in the format aro_section_value=>array(aro_value1,aro_value1,...)
	 * @return mixed The same data format as inputted.
	 */
	function acl_check_array($aco_section_value, $aco_value, $aro_array) {
		/*
			Input Array:
				Section => array(Value, Value, Value),
				Section => array(Value, Value, Value)

		 */

		if (!is_array($aro_array)) {
			$this->debug_text("acl_query_array(): ARO Array must be passed");
			return false;
		}

		foreach($aro_array as $aro_section_value => $aro_value_array) {
			foreach ($aro_value_array as $aro_value) {
				$this->debug_text("acl_query_array(): ARO Section Value: $aro_section_value ARO VALUE: $aro_value");

				if( $this->acl_check($aco_section_value, $aco_value, $aro_section_value, $aro_value) ) {
					$this->debug_text("acl_query_array(): ACL_CHECK True");
					$retarr[$aro_section_value][] = $aro_value;
				} else {
					$this->debug_text("acl_query_array(): ACL_CHECK False");
				}
			}
		}

		return $retarr;

	}

	/**
	* The Main function that does the actual ACL lookup.
	* @param string The ACO section value
	* @param string The ACO value
	* @param string The ARO section value
	* @param string The ARO section
	* @param string The AXO section value (optional)
	* @param string The AXO section value (optional)
	* @param string The value of the ARO group (optional)
	* @param string The value of the AXO group (optional)
	* @param boolean Debug the operation if true (optional)
	* @return array Returns as much information as possible about the ACL so other functions can trim it down and omit unwanted data.
	*/
	function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $root_aro_group=NULL, $root_axo_group=NULL, $debug=NULL) {

		$cache_id = 'acl_query_'.$aco_section_value.'-'.$aco_value.'-'.$aro_section_value.'-'.$aro_value.'-'.$axo_section_value.'-'.$axo_value.'-'.$root_aro_group.'-'.$root_axo_group.'-'.$debug;

		$retarr = $this->get_cache($cache_id);

		if (!$retarr) {
			/*
			 * Grab all groups mapped to this ARO/AXO
			 */
			$aro_group_ids = $this->acl_get_groups($aro_section_value, $aro_value, $root_aro_group, 'ARO');

			if (is_array($aro_group_ids) AND !empty($aro_group_ids)) {
				$sql_aro_group_ids = implode(',', $aro_group_ids);
			}

			if ($axo_section_value !== '' AND $axo_value !== '') {
				$axo_group_ids = $this->acl_get_groups($axo_section_value, $axo_value, $root_axo_group, 'AXO');

				if (is_array($axo_group_ids) AND !empty($axo_group_ids)) {
					$sql_axo_group_ids = implode(',', $axo_group_ids);
				}