Diffstat (limited to 'lib/classes/ForumPerm.php')
-rw-r--r--lib/classes/ForumPerm.php217
1 files changed, 0 insertions, 217 deletions
diff --git a/lib/classes/ForumPerm.php b/lib/classes/ForumPerm.php
deleted file mode 100644
index 2832978..0000000
--- a/lib/classes/ForumPerm.php
+++ /dev/null
@@ -1,217 +0,0 @@
-<?php
-/**
- * filename - Short description for file
- *
- * Long description for file (if any)...
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 3 of
- * the License, or (at your option) any later version.
- *
- * @author Till Glöggler <tgloeggl@uos.de>
- * @license http://www.gnu.org/licenses/gpl-3.0.html GPL version 3
- * @category Stud.IP
- */
-
-class ForumPerm {
-
- /**
- * Check, if the a user has the passed permission in a seminar.
- * Possible permissions are:
- * edit_category - Editing the name of a category<br>
- * add_category - Adding a new category<br>
- * remove_category - Removing an existing category<br>
- * sort_category - Sorting categories<br>
- * edit_area - Editing an area (title + content)<br>
- * add_area - Adding a new area<br>
- * remove_area - Removing an area and all belonging threads<br>
- * sort_area - Sorting of areas in categories and between categories<br>
- * search - Searching in postings<br>
- * edit_entry - Editing of foreign threads/postings<br>
- * add_entry - Creating a new thread/posting<br>
- * remove_entry - Removing of foreign threads/postings<br>
- * fav_entry - Marking a Posting as "favorite"<br>
- * like_entry - Liking a posting<br>
- * move_thread - Moving a thrad between ares<br>
- * close_thread - Close or open a thread<br>
- * make_sticky - Make a thread sticky<br>
- * abo - Signing up for mail-notifications for new entries<br>
- * forward_entry - Forwarding an existing entry as a message<br>
- * pdfexport - Exporting parts of the forum as PDF<br>
- * admin - Allowed to mass-administrate the forum<br>
- * view - Allowed to view the forum at all<br>
- * edit_closed - Editing entries in a closed thread
- *
- * @param string $perm one of the modular permissions
- * @param string $seminar_id the seminar to check for
- * @param string $user_id the user to check for
- * @return boolean true, if the user has the perms, false otherwise
- */
- public static function has($perm, $seminar_id, $user_id = null)
- {
- static $permissions = [];
-
- // if no user-id is passed, use the current user (for your convenience)
- if (!$user_id) {
- $user_id = $GLOBALS['user']->id;
- }
-
- // get the status for the user in the passed seminar
- if (empty($permissions[$seminar_id][$user_id])) {
- $permissions[$seminar_id][$user_id] = $GLOBALS['perm']->get_studip_perm($seminar_id, $user_id);
- }
-
- $status = $permissions[$seminar_id][$user_id];
-
- // take care of the not logged in user
- if ($user_id == 'nobody' || $status == false) {
- // which status has nobody - read only or read/write?
- if (get_object_type($seminar_id) == 'sem') {
- $course = Course::find($seminar_id);
-
- if ($course->schreibzugriff == 0) {
- $status = 'nobody_write';
- } else if ($course->lesezugriff == 0) {
- $status = 'nobody_read';
- } else {
- return false;
- }
- } else {
- return false;
- }
- }
-
- // root and admins have all possible perms
- if (in_array($status, words('root admin')) !== false) {
- return true;
- }
-
- // eCULT Notlösung
- if ($status == 'tutor' && $seminar_id == '30e0b89dcc9173d5fccf9f22b13b87bd') {
- $status = 'autor';
- }
-
- // check the status and the passed permission
- if (($status == 'dozent' || $status == 'tutor') && in_array($perm,
- words('edit_category add_category remove_category sort_category '
- . 'edit_area add_area remove_area sort_area '
- . 'search edit_entry add_entry remove_entry fav_entry like_entry move_thread '
- . 'make_sticky close_thread abo forward_entry pdfexport view edit_closed')
- ) !== false) {
- return true;
- } else if ($status == 'autor' && in_array($perm, words('search add_entry fav_entry like_entry forward_entry abo pdfexport view')) !== false) {
- return true;
- } else if ($status == 'user' && in_array($perm, words('search forward_entry pdfexport view')) !== false) {
- return true;
- } else if ($status == 'nobody_write' && in_array($perm, words('search add_entry pdfexport view')) !== false) {
- return true;
- } else if ($status == 'nobody_read' && in_array($perm, words('search pdfexport view')) !== false) {
- return true;
- }
-
- // user has no permission
- return false;
- }
-
- /**
- * If the user has not the passed perm in a seminar, an AccessDeniedException
- * is thrown.
- * An optional topic_id can be passed which is checked against the passed
- * seminar if the topic_id belongs to that seminar
- *
- * @param string $perm for the list of possible perms and their function see @ForumPerm::hasPerm()
- * @param string $seminar_id the seminar to check for
- * @param string $topic_id if passed, this topic_id is checked if it belongs to the passed seminar
- *
- * @throws AccessDeniedException
- */
- public static function check($perm, $seminar_id, $topic_id = null)
- {
- if (!self::has($perm, $seminar_id)) {
- throw new AccessDeniedException(sprintf(
- _("Sie haben keine Berechtigung für diese Aktion! Benötigte Berechtigung: %s"),
- $perm)
- );
- }
-
- // check the topic id (if any)
- if ($topic_id) {
- self::checkTopicId($seminar_id, $topic_id);
- }
- }
-
- /**
- * Check if the current user is allowed to edit the topic
- * denoted by the passed id
- *
- * @staticvar array $perms
- *
- * @param string $topic_id the id for the topic to check for
- *
- * @return bool true if the user has the necessary perms, false otherwise
- */
- public static function hasEditPerms($topic_id)
- {
- static $perms = [];
-
- if (empty($perms[$topic_id])) {
- // find out if the posting is the last in the thread
- $constraints = ForumEntry::getConstraints($topic_id);
- if (!$constraints) {
- return false;
- }
- $stmt = DBManager::get()->prepare("SELECT user_id, seminar_id
- FROM forum_entries WHERE topic_id = ?");
- $stmt->execute([$topic_id]);
-
- $data = $stmt->fetch();
-
- $closed = ForumEntry::isClosed($topic_id);
-
- $perms[$topic_id] = (($GLOBALS['user']->id == $data['user_id'] && $GLOBALS['user']->id != 'nobody') ||
- ForumPerm::has('edit_entry', $constraints['seminar_id']))
- && (!$closed || $closed && ForumPerm::has('edit_closed', $constraints['seminar_id']));
- }
-
- return $perms[$topic_id];
- }
-
- /**
- * check if the passed category_id belongs to the passed seminar_id.
- * Throws an AccessDenied denied exception if this is not the case
- *
- * @param string $seminar_id id of the seminar, the category should belong to
- * @param string $category_id the id of the category to check
- */
- public static function checkCategoryId($seminar_id, $category_id)
- {
- $data = ForumCat::get($category_id);
-
- if ($data['seminar_id'] != $seminar_id) {
- throw new AccessDeniedException(sprintf(
- _('Forum: Sie haben keine Berechtigung auf die Kategorie mit der ID %s zuzugreifen!'),
- $category_id
- ));
- }
- }
-
- /**
- * check if the passed topic_id belongs to the passed seminar_id.
- * Throws an AccessDenied denied exception if this is not the case
- *
- * @param string $seminar_id id of the seminar, the category should belong to
- * @param string $topic_id the id of the topic to check
- */
- public static function checkTopicId($seminar_id, $topic_id)
- {
- $data = ForumEntry::getConstraints($topic_id);
-
- if (!$data || $data['seminar_id'] !== $seminar_id) {
- throw new AccessDeniedException(sprintf(
- _('Forum: Sie haben keine Berechtigung auf den Eintrag mit der ID %s zuzugreifen!'),
- $topic_id
- ));
- }
- }
-}