Diffstat (limited to 'app/routes/ResourcePermissions.php')
-rw-r--r--app/routes/ResourcePermissions.php585
1 files changed, 0 insertions, 585 deletions
diff --git a/app/routes/ResourcePermissions.php b/app/routes/ResourcePermissions.php
deleted file mode 100644
index be5c647..0000000
--- a/app/routes/ResourcePermissions.php
+++ /dev/null
@@ -1,585 +0,0 @@
-<?php
-namespace RESTAPI\Routes;
-
-/**
- * This file contains API routes related to ResourcePermission
- * and ResourceTemporaryPermission objects.
- *
- * @author Moritz Strohm <strohm@data-quest.de>
- * @copyright 2017-2019
- * @license http://www.gnu.org/licenses/gpl-2.0.html GPL version 2
- * @since 4.5
- * @deprecated Since Stud.IP 5.0. Will be removed in Stud.IP 6.0.
- */
-class ResourcePermissions extends \RESTAPI\RouteMap
-{
-
- //Methods for permanent permissions:
-
-
- /**
- * Get the permission levels of users for the specified resource.
- *
- * @param levels: Limit the result set to the specified permission levels.
- * Allowed permission levels: user, autor, tutor, admin.
- * The permission levels have to be comma separated like in the
- * following example: "autor,tutor,admin".
- *
- * @get /resources/permissions/:resource_id
- */
- public function getResourcePermissions($resource_id)
- {
- $resource = \Resource::find($resource_id);
- if (!$resource) {
- $this->notFound('Resource object not found!');
- }
-
- $resource = $resource->getDerivedClassInstance();
-
- if (!$resource->userHasPermission(\User::findCurrent(), 'admin')) {
- throw new \AccessDeniedException();
- }
-
- $levels_str = \Request::get('levels');
- $levels = [];
- if ($levels_str) {
- $levels = explode(',', $levels_str);
- }
-
- $sql = 'resource_id = :resource_id ';
- $sql_array = [
- 'resource_id' => $resource->id
- ];
-
- if ($levels) {
- $sql .= 'AND perms IN ( :levels ) ';
- $sql_array['levels'] = $levels;
- }
-
- $permissions = \ResourcePermission::findBySql($sql, $sql_array);
-
- $result = [];
- if ($permissions) {
- foreach ($permissions as $permission) {
- $result[] = $permission->toRawArray();
- }
- }
-
- return $result;
- }
-
-
- /**
- * Returns the permissions a specific user has on a specified resource.
- *
- * @get /resources/permissions/:resource_id/:user:_id
- */
- public function getPermission($resource_id, $user_id)
- {
- if ($resource_id !== 'global') {
- if (!\Resource::exists($resource_id)) {
- $this->halt(
- 404,
- 'Resource not found!'
- );
- }
- }
-
- $user = \User::find($user_id);
- if (!$user) {
- $this->halt(
- 400,
- 'No user was provided!'
- );
- }
-
- $current_user = \User::findCurrent();
-
- if (!\ResourceManager::userHasGlobalPermission($current_user, 'admin')) {
- if ($resource_id !== 'global') {
- $resource = \Resource::find($resource_id);
- $resource = $resource->getDerivedClassInstance();
- if (!$resource->userHasPermission($current_user, 'admin')) {
- $this->halt(403);
- }
- } else {
- //$resource_id == 'global': One must be admin
- //to perform this action!
- $this->halt(403);
- }
- }
-
- $permission = \ResourcePermission::findOneBySql(
- "resource_id = :resource_id AND user_id = :user_id",
- [
- 'resource_id' => $resource_id,
- 'user_id' => $user->id
- ]
- );
-
- if ($permission) {
- return $permission->toRawArray();
- } else {
- //The user already had no global permissions!
- return NULL;
- }
- }
-
-
- /**
- * @post /resources/permissions/:resource_id/:user_id
- */
- public function setPermission($resource_id, $user_id)
- {
- if ($resource_id !== 'global') {
- if (!\Resource::exists($resource_id)) {
- $this->halt(
- 404,
- 'Resource not found!'
- );
- return;
- }
- }
-
- $user = \User::find($user_id);
- if (!$user) {
- $this->halt(
- 400,
- 'No user was provided!'
- );
- }
-
- $current_user = \User::findCurrent();
-
- if (!\ResourceManager::userHasGlobalPermission($current_user, 'admin')) {
- if ($resource_id !== 'global') {
- $resource = \Resource::find($resource_id);
- $resource = $resource->getDerivedClassInstance();
- if (!$resource->userHasPermission($current_user, 'admin')) {
- $this->halt(403);
- }
- } else {
- //$resource_id == 'global': One must be admin
- //to perform this action!
- $this->halt(403);
- }
- }
-
- //Verify permission level:
- $perms = \Request::get('perms');
-
- if (!in_array($perms, ['user', 'autor', 'tutor', 'admin'])) {
- $this->halt(
- 400,
- 'Invalid permission level specified!'
- );
- }
-
- //Check if permissions are already present for the user.
- //If not, create a new permission object.
- $permission = \ResourcePermission::findOneBySql(
- "resource_id = :resource_id AND user_id = :user_id",
- [
- 'resource_id' => $resource_id,
- 'user_id' => $user->id
- ]
- );
-
- if (!$permission) {
- $permission = new \ResourcePermission();
- $permission->resource_id = $resource_id;
- $permission->user_id = $user->id;
- }
-
- $permission->perms = $perms;
-
- if ($permission->store() === false) {
- $this->halt(
- 500,
- 'Error while saving permissions!'
- );
- }
-
- return $permission->toRawArray();
- }
-
-
- /**
- * @delete /resources/permissions/:resource_id/:user_id
- */
- public function deletePermission($resource_id, $user_id)
- {
- if ($resource_id !== 'global' && !\Resource::exists($resource_id)) {
- $this->notFound('Resource not found!');
- }
-
- $user = \User::find($user_id);
- if (!$user) {
- $this->halt(
- 400,
- 'No user was provided!'
- );
- }
-
- $current_user = \User::findCurrent();
-
- if (!\ResourceManager::userHasGlobalPermission($current_user, 'admin')) {
- if ($resource_id !== 'global') {
- $resource = \Resource::find($resource_id);
- $resource = $resource->getDerivedClassInstance();
- if (!$resource->userHasPermission($current_user, 'admin')) {
- $this->halt(403);
- }
- } else {
- //$resource_id == 'global': One must be admin
- //to perform this action!
- $this->halt(403);
- }
- }
-
- $permission = \ResourcePermission::findOneBySql(
- "resource_id = :resource_id AND user_id = :user_id",
- [
- 'resource_id' => $resource_id,
- 'user_id' => $user->id
- ]
- );
-
- if (!$permission) {
- //The user already had no global permissions!
- return 'OK';
- }
-
- if ($permission->delete()) {
- return 'OK';
- } else {
- $this->halt(
- 500,
- 'Error while deleting global permissions!'
- );
- }
- }
-
-
- //Methods for temporary permissions:
-
-
- /**
- * Get the temporary permission levels of users for the specified resource.
- * The begin and end parameters are mandatory to determine a time range
- * to collect the temporary permissions in that range.
- *
- * @param begin: The begin timestamp of the time range.
- * @param end: The end timestamp of the time range.
- * @param levels: Limit the result set to the specified temporary permission
- * levels. Allowed permission levels: user, autor, tutor, admin.
- * The permission levels have to be comma separated like in the
- * following example: "autor,tutor,admin".
- *
- * @get /resources/temporary_permissions/:resource_id
- */
- public function getTemporaryResourcePermissions($resource_id)
- {
- $resource = \Resource::find($resource_id);
- if (!$resource) {
- $this->notFound('Resource object not found!');
- }
-
- $resource = $resource->getDerivedClassInstance();
-
- if (!$resource->userHasPermission(\User::findCurrent(), 'admin')) {
- throw new \AccessDeniedException();
- }
-
- $begin = \Request::get('begin');
- $end = \Request::get('end');
- $levels_str = \Request::get('levels');
- $levels = [];
- if ($levels_str) {
- $levels = explode(',', $levels_str);
- }
-
- if (!$begin or !$end) {
- //Use the current day:
- $begin = strtotime('today 0:00:00');
- $end = strtotime('today 23:59:59');
- }
-
- $sql = 'resource_id = :resource_id
- AND
- ((begin >= :begin AND begin <= :end)
- OR
- (end >= :begin AND end <= :end))
- OR
- (begin < :begin AND end > :end)';
- $sql_array = [
- 'resource_id' => $resource->id,
- 'begin' => $begin,
- 'end' => $end
- ];
-
- if ($levels) {
- $sql .= 'AND perms IN ( :levels ) ';
- $sql_array['levels'] = $levels;
- }
-
- return \ResourceTemporaryPermission::findAndMapBySql(
- function (\ResourceTemporaryPermission $permission) {
- return $permission->toRawArray();
- },
- $sql,
- $sql_array
- );
- }
-
-
- /**
- * Returns the permissions a specific user has on a specified resource.
- *
- * @get /resources/temporary_permissions/:resource_id/:user:_id
- */
- public function getTemporaryPermission($resource_id, $user_id)
- {
- if ($resource_id !== 'global') {
- if (!\Resource::exists($resource_id)) {
- $this->notFound('Resource not found!');
- }
- }
-
- $user = \User::find($user_id);
- if (!$user) {
- $this->halt(
- 400,
- 'No user was provided!'
- );
- }
-
- $current_user = \User::findCurrent();
-
- $begin_str = \Request::get('begin');
- $end_str = \Request::get('end');
- $begin = null;
- $end = null;
- $with_time_range = false;
- if ($begin_str && $end_str) {
- $with_time_range = true;
- $begin = new \DateTime();
- $begin->setTimestamp($begin_str);
- $end = new \DateTime();
- $end->setTimestamp($end_str);
- }
-
- if (!\ResourceManager::userHasGlobalPermission($current_user, 'admin')) {
- if ($resource_id !== 'global') {
- $resource = \Resource::find($resource_id);
- $resource = $resource->getDerivedClassInstance();
- if (!$resource->userHasPermission($current_user, 'admin')) {
- $this->halt(403);
- }
- } else {
- //$resource_id == 'global': One must be admin
- //to perform this action!
- $this->halt(403);
- }
- }
-
- $permissions = null;
- if ($with_time_range) {
- $permissions = \ResourceTemporaryPermission::findBySql(
- "resource_id = :resource_id AND user_id = :user_id
- AND (
- (begin >= :begin AND begin <= :end)
- OR
- (end >= :begin AND end <= :end)
- )",
- [
- 'resource_id' => $resource_id,
- 'user_id' => $user->id,
- 'begin' => $begin->getTimestamp(),
- 'end' => $end->getTimestamp()
- ]
- );
- } else {
- $permissions = \ResourceTemporaryPermission::findBySql(
- "resource_id = :resource_id AND user_id = :user_id",
- [
- 'resource_id' => $resource_id,
- 'user_id' => $user->id
- ]
- );
- }
-
- if ($permissions) {
- $result = [];
- foreach ($permissions as $permission) {
- $result[] = $permission->toRawArray();
- }
- return $result;
- } else {
- //The user already had no global permissions!
- return NULL;
- }
- }
-
-
- /**
- * Sets temporary permissions for a user.
- *
- * @param begin The begin timestamp for the temporary permisssion.
- * @param end The end timestamp for the temporary permission.
- * @param perms The permission level for the temporary permission.
- *
- * @post /resources/temporary_permissions/:resource_id/:user_id
- */
- public function setTemporaryPermission($resource_id, $user_id)
- {
- $resource = \Resource::find($resource_id);
- if (!$resource) {
- $this->notFound('Resource not found!');
- }
-
- $user = \User::find($user_id);
- if (!$user) {
- $this->notFound('User not found!');
- }
-
- $current_user = \User::findCurrent();
-
- if (!\ResourceManager::userHasGlobalPermission($current_user, 'admin')
- && !$resource->userHasPermission($current_user, 'admin')) {
- $this->halt(403);
- }
-
- $begin_str = \Request::get('begin');
- $end_str = \Request::get('end');
- if (!$begin_str || !$end_str) {
- $this->halt(
- 400,
- 'No time range specified for temporary permission!'
- );
- }
-
- $begin = new \DateTime();
- $begin->setTimestamp($begin_str);
- $end = new \DateTime();
- $end->setTimestamp($end_str);
-
- //Verify permission level:
- $perms = \Request::get('perms');
-
- if (!in_array($perms, ['user', 'autor', 'tutor', 'admin'])) {
- $this->halt(
- 400,
- 'Invalid permission level specified!'
- );
- }
-
- //Check if permissions are already present for the user.
- //If not, create a new permission object.
- $permission = \ResourceTemporaryPermission::findOneBySql(
- "resource_id = :resource_id AND user_id = :user_id
- AND begin = :begin AND end = :end",
- [
- 'resource_id' => $resource_id,
- 'user_id' => $user->id,
- 'begin' => $begin->getTimestamp(),
- 'end' => $end->getTimestamp()
- ]
- );
-
- if (!$permission) {
- $permission = new \ResourceTemporaryPermission();
- $permission->resource_id = $resource_id;
- $permission->user_id = $user->id;
- $permission->begin = $begin->getTimestamp();
- $permission->end = $end->getTimestamp();
- }
-
- $permission->perms = $perms;
-
- if ($permission->store() === false) {
- $this->halt(
- 500,
- 'Error while saving permissions!'
- );
- }
-
- return $permission->toRawArray();
- }
-
-
- /**
- * Deletes all temporary permissions of a user.
- * If a time interval is given all permissions inside the interval
- * are deleted.
- *
- * @delete /resources/temporary_permissions/:resource_id/:user_id
- */
- public function deleteTemporaryPermission($resource_id, $user_id)
- {
- if ($resource_id !== 'global') {
- if (!\Resource::exists($resource_id)) {
- $this->notFound('Resource not found!');
- }
- }
-
- $user = \User::find($user_id);
- if (!$user) {
- $this->notFound('User not found!');
- }
-
- $current_user = \User::findCurrent();
-
- if (!\ResourceManager::userHasGlobalPermission($current_user, 'admin')) {
- if ($resource_id !== 'global') {
- $resource = \Resource::find($resource_id);
- $resource = $resource->getDerivedClassInstance();
- if (!$resource->userHasPermission($current_user, 'admin')) {
- $this->halt(403);
- }
- } else {
- //$resource_id == 'global': One must be admin
- //to perform this action!
- $this->halt(403);
- }
- }
-
- $begin_str = \Request::get('begin');
- $end_str = \Request::get('end');
- $begin = null;
- $end = null;
- $with_time_range = false;
- if ($begin_str and $end_str) {
- $with_time_range = true;
- $begin = new \DateTime();
- $begin->setTimestamp($begin_str);
- $end = new \DateTime();
- $end->setTimestamp($end_str);
- }
-
- if ($with_time_range) {
- \ResourceTemporaryPermission::deleteBySql(
- "resource_id = :resource_id AND user_id = :user_id
- AND (
- (begin >= :begin AND end <= :end)
- )",
- [
- 'resource_id' => $resource_id,
- 'user_id' => $user->id,
- 'begin' => $begin->getTimestamp(),
- 'end' => $end->getTimestamp()
- ]
- );
- } else {
- \ResourceTemporaryPermission::deleteBySql(
- "resource_id = :resource_id AND user_id = :user_id",
- [
- 'resource_id' => $resource_id,
- 'user_id' => $user->id
- ]
- );
- }
-
- return 'OK';
- }
-}