source: trunk/Modules/User/UserModel.php

Last change on this file was 963, checked in by chronos, 12 months ago
  • Fixed: RSS channel generation error.
  • Fixed: Show error message instead of generation of empty RSS channel.
  • Fixed: Wait minimum time if user not logged correctly.
1<?php
2
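// Result messages of the user model (Czech, user-facing). The methods in this
// file return these strings, and Login() also compares its own result against
// USER_LOGGED_IN, so each text doubles as a result code.
define('LOGIN_USED', 'Přihlašovací jméno již použito.');
define('NAME_USED', 'Jméno uživatele již použito');
define('EMAIL_USED', 'Email je již použitý. Použijte jiný email nebo si můžete nechat zaslat nové heslo na email.');
define('USER_REGISTRATED', 'Uživatel registrován. Na zadanou emailovou adresu byl poslán mail s odkazem pro aktivování účtu.');
// Fixed typo in the message text ("Uživate" -> "Uživatel").
define('USER_NOT_HUMAN', 'Uživatel nepotvrdil, že je člověk.');
define('USER_REGISTRATION_CONFIRMED', 'Vaše registrace byla potvrzena.');
define('DATA_MISSING', 'Chybí emailová adresa, přezdívka, nebo některé z hesel.');
define('PASSWORDS_UNMATCHED', 'Hesla si neodpovídají.');
define('ACCOUNT_LOCKED', 'Účet je uzamčen. Po registraci je nutné provést aktivaci účtu pomocí odkazu zaslaného v aktivačním emailu.');
define('USER_NOT_LOGGED', 'Nejste přihlášen.');
define('USER_LOGGED', 'Uživatel přihlášen.');
define('USER_NOT_REGISTRED', 'Uživatel neregistrován.');
define('USER_ALREADY_LOGGED', 'Uživatel již přihlášen.');
define('USER_LOGGED_IN', 'Byl jste přihlášen.');
define('USER_LOGGED_OUT', 'Byl jste odhlášen.');
define('BAD_PASSWORD', 'Špatné heslo.');
define('USER_NOT_FOUND', 'Uživatel nenalezen.');
define('USER_PASSWORD_RECOVERY_SUCCESS', 'Přihlašovací údaje byly odeslány na zadanou emailovou adresu.');
define('USER_PASSWORD_RECOVERY_FAIL', 'Podle zadaných údajů nebyl nalezen žádný uživatel.');
define('USER_PASSWORD_RECOVERY_CONFIRMED', 'Nové heslo bylo aktivováno.');

// Numeric identifiers of user events (not referenced elsewhere in this file).
define('USER_EVENT_REGISTER', 1);
define('USER_EVENT_LOGIN', 2);
define('USER_EVENT_LOGOUT', 3);
define('USER_EVENT_OPTIONS_CHANGED', 4);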
28
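/**
 * Salted password digest helper used by the User model.
 *
 * NOTE(review): the digest is sha1(sha1(password) . salt), a fast unkeyed hash
 * that is cheap to guess offline once the User table leaks. The format is kept
 * here because stored digests must keep verifying; a migration to
 * password_hash()/password_verify() with a rehash on successful login needs
 * changes outside this class.
 */
class PasswordHash
{
  /**
   * Compute the stored digest for a password and its salt.
   *
   * @param string $Password Plain-text password.
   * @param string $Salt Salt stored next to the digest.
   * @return string 40 lowercase hex characters.
   */
  function Hash(string $Password, string $Salt): string
  {
    return sha1(sha1($Password).$Salt);
  }

  /**
   * Check a plain-text password against a stored digest.
   *
   * @return bool True when the password produces exactly the stored digest.
   */
  function Verify(string $Password, string $Salt, string $StoredHash): bool
  {
    // hash_equals() compares byte for byte in constant time. The previous loose
    // == could treat two different digit-only or exponent-looking hex strings
    // as equal numbers.
    return hash_equals($StoredHash, $this->Hash($Password, $Salt));
  }

  /**
   * Produce a fresh random salt.
   *
   * The value is 40 hex characters, the same shape as the sha1() output the
   * previous implementation returned, but comes from the system CSPRNG instead
   * of mt_rand() seeded with the clock and memory usage. It no longer reseeds
   * the global mt_rand() generator as a side effect.
   *
   * @return string 40 lowercase hex characters.
   */
  function GetSalt(): string
  {
    return bin2hex(random_bytes(20));
  }
}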
47
48// TODO: Make User class more general without dependencies on System, Mail, Log
49
50class User extends Model
51{
52 public array $Roles = array();
53 public array $User = array();
54 public int $OnlineStateTimeout;
55 public array $PermissionCache = array();
56 public array $PermissionGroupCache = array();
57 public array $PermissionGroupCacheOp = array();
58 public PasswordHash $PasswordHash;
59
60 function __construct(System $System)
61 {
62 parent::__construct($System);
63 $this->OnlineStateTimeout = 600; // in seconds
64 $this->PasswordHash = new PasswordHash();
65 $this->User = array('Id' => null);
66 }
67
68 static function GetModelDesc(): ModelDesc
69 {
70 $Desc = new ModelDesc(self::GetClassName());
71 $Column = $Desc->AddString('Login');
72 $Column->Unique = true;
73 $Column = $Desc->AddString('Name');
74 $Column->Unique = true;
75 $Desc->AddString('Password');
76 $Desc->AddString('Salt');
77 $Desc->AddString('Email');
78 $Column = $Desc->AddString('LastIpAddress');
79 $Column->HasDefault = true;
80 $Column->Nullable = true;
81 $Column = $Desc->AddDateTime('LastLoginTime');
82 $Column->Nullable = true;
83 $Column->HasDefault = true;
84 $Desc->AddDateTime('RegistrationTime');
85 $Desc->AddBoolean('Locked');
86 $Column = $Desc->AddString('InitPassword');
87 $Column->Nullable = true;
88 $Column->HasDefault = true;
89 return $Desc;
90 }
91
92 function Check(): void
93 {
94 $SID = session_id();
95 // Lookup user record
96 $Query = $this->Database->select('UserOnline', '*', 'SessionId="'.$SID.'"');
97 if ($Query->num_rows > 0)
98 {
99 // Refresh time of last access
100 $this->Database->update('UserOnline', '`SessionId`="'.$SID.'"', array('ActivityTime' => 'NOW()'));
101 } else $this->Database->insert('UserOnline', array('SessionId' => $SID,
102 'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()',
103 'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()),
104 'ScriptName' => $_SERVER['PHP_SELF'], 'StayLogged' => 0, 'StayLoggedHash' => ''));
105
106 // Logged permanently?
107 if (array_key_exists('LoginHash', $_COOKIE))
108 {
109 $DbResult = $this->Database->query('SELECT * FROM `UserOnline` WHERE `User`='.$_COOKIE['LoginUserId'].
110 ' AND `StayLogged`=1 AND SessionId!="'.$SID.'"');
111 if ($DbResult->num_rows > 0)
112 {
113 $DbRow = $DbResult->fetch_assoc();
114 if (sha1($_COOKIE['LoginUserId'].$DbRow['StayLoggedHash']) == $_COOKIE['LoginHash'])
115 {
116 $this->Database->query('DELETE FROM `UserOnline` WHERE `SessionId`="'.$SID.'"');
117 $this->Database->query('UPDATE `UserOnline` SET `SessionId`="'.$SID.'" WHERE `Id`='.$DbRow['Id']);
118 }
119 }
120 }
121
122 // Check login
123 $Query = $this->Database->select('UserOnline', '*', '`SessionId`="'.$SID.'"');
124 $Row = $Query->fetch_assoc();
125 if ($Row['User'] != '')
126 {
127 $Query = $this->Database->query('SELECT `User`.* FROM `User` WHERE `User`.`Id`='.$Row['User']);
128 $this->User = $Query->fetch_assoc();
129 $Result = USER_LOGGED;
130 } else
131 {
132 $Query = $this->Database->select('User', '*', 'Id IS NULL');
133 $this->User = array('Id' => null);
134 $Result = USER_NOT_LOGGED;
135 }
136
137 // Remove nonactive users
138 $DbResult = $this->Database->select('UserOnline', '`Id`, `User`', '(`ActivityTime` < DATE_SUB(NOW(), INTERVAL '.$this->OnlineStateTimeout.' SECOND)) AND (`StayLogged` = 0)');
139 while ($DbRow = $DbResult->fetch_array())
140 {
141 $this->Database->delete('UserOnline', 'Id='.$DbRow['Id']);
142 if ($DbRow['User'] != null) ModuleLog::Cast($this->System->GetModule('Log'))->NewRecord('User', 'Logout');
143 }
144 //$this->LoadPermission($this->User['Role']);
145
146 // Role and permission
147 //$this->LoadRoles();
148 }
149
150 function Register(string $Login, string $Password, string $Password2, string $Email, string $Name): string
151 {
152 if (($Email == '') || ($Login == '') || ($Password == '') || ($Password2 == '') || ($Name == '')) $Result = DATA_MISSING;
153 else if ($Password != $Password2) $Result = PASSWORDS_UNMATCHED;
154 else
155 {
156 // Is user registred yet?
157 $Query = $this->Database->select('User', '*', 'Login = "'.$Login.'"');
158 if ($Query->num_rows > 0) $Result = LOGIN_USED;
159 else
160 {
161 $Query = $this->Database->select('User', '*', 'Name = "'.$Name.'"');
162 if ($Query->num_rows > 0) $Result = NAME_USED;
163 else
164 {
165 $Query = $this->Database->select('User', '*', 'Email = "'.$Email.'"');
166 if ($Query->num_rows > 0) $Result = EMAIL_USED;
167 else
168 {
169 $PasswordHash = new PasswordHash();
170 $Salt = $PasswordHash->GetSalt();
171 $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login,
172 'Password' => $PasswordHash->Hash($Password, $Salt), 'Salt' => $Salt,
173 'Email' => $Email, 'RegistrationTime' => 'NOW()',
174 'Locked' => 1));
175 $UserId = $this->Database->insert_id;
176 $PermissionGroup = new PermissionGroup($this->System);
177 $this->Database->insert('PermissionUserAssignment', array('User' => $UserId,
178 'AssignedGroup' => $PermissionGroup->GetItemBySysName('registered-users')));
179
180 $NewPassword = substr(sha1(strtoupper($Login)), 0, 7);
181
182 // Send activation mail to user email
183 $ServerURL = 'https://'.$this->System->Config['Web']['Host'].$this->System->Config['Web']['RootFolder'];
184 $Mail = new Mail();
185 $Mail->Subject = 'Registrace nového účtu';
186 $Mail->AddBody('Provedli jste registraci nového účtu na serveru <a href="'.$ServerURL.'">'.$ServerURL.'"</a>.'.
187 '<br/>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br/><br/>\n\n'.
188 'Váš účet je: '.$Login."\n<br/>Pro dokončení registrace klikněte na tento odkaz: ".'<a href="'.
189 $ServerURL.'/user/?Action=UserRegisterConfirm&User='.
190 $UserId.'&H='.$NewPassword.'">'.$ServerURL.'/?Action=UserRegisterConfirm&User='.
191 $UserId.'&H='.$NewPassword.'</a>.'."\n<br> \n\n'.
192 '<br/><br/>Na tento email neodpovídejte.", 'text/html');
193 $Mail->AddTo($Email, $Name);
194 $Mail->From = $this->System->Config['Web']['Title'].' <noreplay@zdechov.net>';
195 $Mail->Send();
196
197 $Result = USER_REGISTRATED;
198 ModuleLog::Cast($this->System->GetModule('Log'))->NewRecord('User', 'NewRegistration', $Login);
199 }
200 }
201 }
202 }
203 return $Result;
204 }
205
206 function RegisterConfirm(string $Id, string $Hash): string
207 {
208 $DbResult = $this->Database->select('User', 'Id, Login, Password', 'Id = '.$Id);
209 if ($DbResult->num_rows > 0)
210 {
211 $Row = $DbResult->fetch_array();
212 $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7);
213 if ($Hash == $NewPassword)
214 {
215 $this->Database->update('User', 'Id='.$Row['Id'], array('Locked' => 0));
216 $Output = USER_REGISTRATION_CONFIRMED;
217 ModuleLog::Cast($this->System->GetModule('Log'))->NewRecord('User', 'RegisterConfirm', 'Login='.
218 $Row['Login'].', Id='.$Row['Id']);
219 } else $Output = PASSWORDS_UNMATCHED;
220 } else $Output = USER_NOT_FOUND;
221 return $Output;
222 }
223
224 function Login(string $Login, string $Password, bool $StayLogged = false): string
225 {
226 if ($StayLogged) $StayLogged = 1; else $StayLogged = 0;
227 $SID = session_id();
228 $Query = $this->Database->select('User', '*', 'Login="'.$Login.'"');
229 if ($Query->num_rows > 0)
230 {
231 $Row = $Query->fetch_assoc();
232 $PasswordHash = new PasswordHash();
233 if (!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD;
234 else if ($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED;
235 else
236 {
237 $this->Database->update('User', 'Id='.$Row['Id'], array('LastLoginTime' => 'NOW()',
238 'LastIpAddress' => GetRemoteAddress()));
239 $Hash = new PasswordHash();
240 $StayLoggedSalt = $Hash->GetSalt();
241 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array(
242 'User' => $Row['Id'], 'StayLogged' => $StayLogged, 'StayLoggedHash' => $StayLoggedSalt));
243 if ($StayLogged)
244 {
245 setcookie('LoginUserId', $Row['Id'], time()+365*24*60*60, $this->System->Link('/'));
246 setcookie('LoginHash', sha1($Row['Id'].$StayLoggedSalt), time()+365*24*60*60, $this->System->Link('/'));
247 } else
248 {
249 setcookie('LoginUserId', '', time() - 3600, $this->System->Link('/'));
250 setcookie('LoginHash', '', time() - 3600, $this->System->Link('/'));
251 }
252
253 $Result = USER_LOGGED_IN;
254 $this->Check();
255 ModuleLog::Cast($this->System->GetModule('Log'))->NewRecord('User', 'Login', 'Login='.$Login.',Host='.gethostbyaddr(GetRemoteAddress()));
256 }
257 } else $Result = USER_NOT_REGISTRED;
258
259 // Wait some minimal time if not able to log in to avoid brute forcing passwords
260 if ($Result != USER_LOGGED_IN) sleep(1);
261
262 return $Result;
263 }
264
265 function Logout(): string
266 {
267 $SID = session_id();
268 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('User' => null));
269 ModuleLog::Cast($this->System->GetModule('Log'))->NewRecord('User', 'Logout', $this->User['Login']);
270 $this->Check();
271 return USER_LOGGED_OUT;
272 }
273
274 function LoadRoles()
275 {
276 $this->Roles = array();
277 $DbResult = $this->Database->select('UserRole', '*');
278 while ($DbRow = $DbResult->fetch_array())
279 {
280 $this->Roles[] = $DbRow;
281 }
282 }
283
284 function LoadPermission($Role)
285 {
286 $this->User['Permission'] = array();
287 $DbResult = $this->Database->query('SELECT `UserRolePermission`.*, `PermissionOperation`.`Description` FROM `UserRolePermission` JOIN `PermissionOperation` ON `PermissionOperation`.`Id` = `UserRolePermission`.`Operation` WHERE `UserRolePermission`.`Role` = '.$Role);
288 if ($DbResult->num_rows > 0)
289 while ($DbRow = $DbResult->fetch_array())
290 {
291 $this->User['Permission'][$DbRow['Operation']] = $DbRow;
292 }
293 }
294
295 function PermissionMatrix(): array
296 {
297 $Result = array();
298 $DbResult = $this->Database->query('SELECT `UserRolePermission`.*, `PermissionOperation`.`Description`, `UserRole`.`Title` FROM `UserRolePermission` LEFT JOIN `PermissionOperation` ON `PermissionOperation`.`Id` = `UserRolePermission`.`Operation` LEFT JOIN `UserRole` ON `UserRole`.`Id` = `UserRolePermission`.`Role`');
299 while ($DbRow = $DbResult->fetch_array())
300 {
301 $Value = '';
302 if ($DbRow['Read']) $Value .= 'R';
303 if ($DbRow['Write']) $Value .= 'W';
304 $Result[$DbRow['Description']][$DbRow['Title']] = $Value;
305 }
306 return $Result;
307 }
308
309 function CheckGroupPermission(string $GroupId, string $OperationId): bool
310 {
311 $PermissionExists = false;
312 // First try to check cache group-group relation
313 if (array_key_exists($GroupId, $this->PermissionGroupCache))
314 {
315 $PermissionExists = true;
316 } else
317 {
318 $this->PermissionGroupCache[$GroupId] = array();
319
320 // If no permission combination exists in cache, do new check of database items
321 $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '(`Group`="'.$GroupId.
322 '") AND (`AssignedGroup` IS NOT NULL)');
323 while ($DbRow = $DbResult->fetch_array())
324 {
325 $this->PermissionGroupCache[$GroupId][] = $DbRow;
326 }
327 $PermissionExists = true;
328 }
329 if ($PermissionExists)
330 {
331 foreach ($this->PermissionGroupCache[$GroupId] as $DbRow)
332 {
333 if ($DbRow['AssignedGroup'] != '')
334 {
335 if ($this->CheckGroupPermission($DbRow['AssignedGroup'], $OperationId) == true) return true;
336 }
337 }
338 }
339
340 // Check group-operation relation
341 if (array_key_exists($GroupId.','.$OperationId, $this->PermissionGroupCacheOp))
342 {
343 $PermissionExists = true;
344 } else
345 {
346 // If no permission combination exists in cache, do new check of database items
347 $DbResult = $this->Database->select('PermissionGroupAssignment', '*', '`Group`="'.$GroupId.'" AND `AssignedOperation`="'.$OperationId.'"');
348 if ($DbResult->num_rows > 0) $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = true;
349 else $this->PermissionGroupCacheOp[$GroupId.','.$OperationId] = false;
350 $PermissionExists = true;
351 }
352 if ($PermissionExists)
353 {
354 return $this->PermissionGroupCacheOp[$GroupId.','.$OperationId];
355 }
356 return false;
357 }
358
359 function CheckPermission(string $Module, string $Operation, string $ItemType = '', int $ItemIndex = 0): bool
360 {
361 // Get module id
362 $DbResult = $this->Database->select('Module', 'Id', '`Name`="'.$Module.'"');
363 if ($DbResult->num_rows > 0)
364 {
365 $DbRow = $DbResult->fetch_assoc();
366 $ModuleId = $DbRow['Id'];
367 } else return false;
368
369 // First try to check cache
370 if (in_array(array($Module, $Operation, $ItemType, $ItemType), $this->PermissionCache))
371 {
372 $OperationId = array_search(array($Module, $Operation, $ItemType, $ItemIndex), $this->PermissionCache);
373 $PermissionExists = is_numeric($OperationId);
374 } else
375 {
376 // If no permission combination exists in cache, do new check of database items
377 $DbResult = $this->Database->select('PermissionOperation', 'Id', '(`Module`="'.$ModuleId.
378 '") AND (`Item`="'.$ItemType.'") AND (`ItemId`='.$ItemIndex.') AND (`Operation`="'.$Operation.'")');
379 if ($DbResult->num_rows > 0)
380 {
381 $DbRow = $DbResult->fetch_array();
382 $OperationId = $DbRow['Id'];
383 $this->PermissionCache[$DbRow['Id']] = array($Module, $Operation, $ItemType, $ItemIndex);
384 $PermissionExists = true;
385 } else
386 {
387 $this->PermissionCache[count($this->PermissionCache).'_'] = array($Module, $Operation, $ItemType, $ItemIndex);
388 $PermissionExists = false;
389 }
390 }
391
392 if ($PermissionExists)
393 {
394 if ($this->User == null or $this->User['Id'] == null) $UserCondition = '(`User` IS NULL)';
395 else $UserCondition = '(`User`="'.$this->User['Id'].'")';
396 // Check user-operation relation
397 $DbResult = $this->Database->select('PermissionUserAssignment', '*', $UserCondition.' AND (`AssignedOperation`="'.$OperationId.'")');
398 if ($DbResult->num_rows > 0) return true;
399
400
401 // Check user-group relation
402 $DbResult = $this->Database->select('PermissionUserAssignment', 'AssignedGroup', '(`AssignedGroup` IS NOT NULL) AND '.$UserCondition);
403 while ($DbRow = $DbResult->fetch_array())
404 {
405 if ($this->CheckGroupPermission($DbRow['AssignedGroup'], $OperationId) == true) return true;
406 }
407 return false;
408 } else return false;
409 }
410
411 function PasswordRecoveryRequest(string $Login, string $Email): string
412 {
413 $DbResult = $this->Database->select('User', 'Login, Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"');
414 if ($DbResult->num_rows > 0)
415 {
416 $Row = $DbResult->fetch_array();
417 $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7);
418
419 $ServerURL = 'https://'.$this->System->Config['Web']['Host'].$this->System->Config['Web']['RootFolder'];
420 $Mail = new Mail();
421 $Mail->Subject = 'Obnova hesla';
422 $Mail->From = $this->System->Config['Web']['Title'].' <noreplay@zdechov.net>';
423 $Mail->AddTo($Row['Email'], $Row['Name']);
424 $Mail->AddBody('Požádali jste o zaslání nového hesla na serveru <a href="'.$ServerURL.'">'.$ServerURL.'"</a>.<br />\n'.
425 "Pokud jste tak neučinili, měli by jste tento email ignorovat.<br /><br />\n\nVaše nové heslo k účtu ".
426 $Row['Login'].' je: '.$NewPassword."\n<br/>".
427 'Pro aktivaci tohoto hesla klikněte na <a href="'.$ServerURL.'/user/?Action=PasswordRecoveryConfirm&User='.
428 $Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'."\n<br />".
429 "Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte.", 'text/html');
430 $Mail->Send();
431
432 $Output = USER_PASSWORD_RECOVERY_SUCCESS;
433 ModuleLog::Cast($this->System->GetModule('Log'))->NewRecord('User', 'PasswordRecoveryRequest', 'Login='.$Login.',Email='.$Email);
434 } else $Output = USER_PASSWORD_RECOVERY_FAIL;
435 return $Output;
436 }
437
438 function PasswordRecoveryConfirm(string $Id, string $Hash, string $NewPassword): string
439 {
440 $DbResult = $this->Database->select('User', 'Id, Login, Password', 'Id = '.$Id);
441 if ($DbResult->num_rows > 0)
442 {
443 $Row = $DbResult->fetch_array();
444 $NewPassword2 = substr(sha1(strtoupper($Row['Login'])), 0, 7);
445 if (($NewPassword == $NewPassword2) and ($Hash == $Row['Password']))
446 {
447 $PasswordHash = new PasswordHash();
448 $Salt = $PasswordHash->GetSalt();
449 $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => $PasswordHash->Hash($NewPassword, $Salt),
450 'Salt' => $Salt, 'Locked' => 0));
451 $Output = USER_PASSWORD_RECOVERY_CONFIRMED;
452 ModuleLog::Cast($this->System->GetModule('Log'))->NewRecord('User', 'PasswordRecoveryConfirm', 'Login='.$Row['Login']);
453 } else $Output = PASSWORDS_UNMATCHED;
454 } else $Output = USER_NOT_FOUND;
455 return $Output;
456 }
457
458 function CheckToken(string $Module, string $Operation, string $Token): bool
459 {
460 $DbResult = $this->Database->select('APIToken', 'User', '`Token`="'.$Token.'"');
461 if ($DbResult->num_rows > 0)
462 {
463 $DbRow = $DbResult->fetch_assoc();
464 $User = new User($this->System);
465 $User->User = array('Id' => $DbRow['User']);
466 return $User->CheckPermission($Module, $Operation);
467 } else return false;
468 }
469}
470
/**
 * Model of the UserOnline table: one row per PHP session, optionally bound
 * to a user.
 */
class UserOnline extends Model
{
  /**
   * Describe the UserOnline table.
   *
   * @return ModelDesc Description with the Memory flag set.
   */
  static function GetModelDesc(): ModelDesc
  {
    $Model = new ModelDesc(self::GetClassName());
    $Model->Memory = true;

    // Owner of the session
    $Model->AddReference('User', User::GetClassName(), true);

    // Activity tracking
    $Model->AddDateTime('ActivityTime');
    $Model->AddDateTime('LoginTime');

    // Session and client identification
    $Model->AddString('SessionId');
    $Model->AddString('IpAddress');
    $Model->AddString('HostName');
    $Model->AddString('ScriptName');

    // Persistent login state; StayLoggedHash holds the secret behind the
    // LoginHash cookie
    $Model->AddBoolean('StayLogged');
    $Model->AddString('StayLoggedHash');

    return $Model;
  }
}
489
/**
 * Model of the PermissionGroup table: named groups that permissions are
 * assigned to.
 */
class PermissionGroup extends Model
{
  /**
   * Describe the PermissionGroup table and name the method providing its
   * default rows.
   */
  static function GetModelDesc(): ModelDesc
  {
    $Model = new ModelDesc(self::GetClassName());
    $Model->AddString('Description');
    $Model->AddString('SysName');
    $Model->DefaultValuesMethod = 'GetDefaultValues';
    return $Model;
  }

  /**
   * Built-in groups: other users, registered users and administrators.
   *
   * @return array List of rows with Id, Description and SysName.
   */
  static function GetDefaultValues(): array
  {
    $Groups = array();
    $Groups[] = array('Id' => 1, 'Description' => 'Ostatní uživatelé', 'SysName' => 'other-users');
    $Groups[] = array('Id' => 2, 'Description' => 'Registrovaní uživatelé', 'SysName' => 'registered-users');
    $Groups[] = array('Id' => 3, 'Description' => 'Správci', 'SysName' => 'admins');
    return $Groups;
  }

  /**
   * Look up a group id by its system name.
   *
   * @param string $Name System name. It is spliced into the WHERE text as
   *   given, so pass fixed names only.
   * @return int Group id, or 0 when no group has that name.
   */
  function GetItemBySysName(string $Name): int
  {
    $Groups = $this->Database->select('PermissionGroup', 'Id', '`SysName`="'.$Name.'"');
    if ($Groups->num_rows <= 0) return 0;

    $Group = $Groups->fetch_assoc();
    return $Group['Id'];
  }
}
520
/**
 * Model of the PermissionGroupAssignment table: what a permission group
 * contains, either another group or a single operation.
 */
class PermissionGroupAssignment extends Model
{
  /**
   * Describe the PermissionGroupAssignment table.
   */
  static function GetModelDesc(): ModelDesc
  {
    $Model = new ModelDesc(self::GetClassName());
    // The group receiving the assignment
    $Model->AddReference('Group', PermissionGroup::GetClassName());
    // The two assigned targets are added with the third argument set to true
    $Model->AddReference('AssignedGroup', PermissionGroup::GetClassName(), true);
    $Model->AddReference('AssignedOperation', PermissionOperation::GetClassName(), true);
    return $Model;
  }
}
532
/**
 * Model of the PermissionOperation table: an operation of a module,
 * optionally narrowed to an item type and item id.
 */
class PermissionOperation extends Model
{
  /**
   * Describe the PermissionOperation table and its indexed columns.
   */
  static function GetModelDesc(): ModelDesc
  {
    $Model = new ModelDesc(self::GetClassName());
    $Model->AddReference('Module', Module::GetClassName());
    $Model->AddString('Operation');
    $Model->AddString('Item');
    $Model->AddInteger('ItemId');
    // Columns used by the lookup in User::CheckPermission()
    $Model->Indices = array('Operation', 'Item', 'ItemId');
    return $Model;
  }
}
546
/**
 * Model of the PermissionUserAssignment table: what a user is granted,
 * either a permission group or a single operation.
 */
class PermissionUserAssignment extends Model
{
  /**
   * Describe the PermissionUserAssignment table.
   */
  static function GetModelDesc(): ModelDesc
  {
    $Model = new ModelDesc(self::GetClassName());
    // The user receiving the assignment
    $Model->AddReference('User', User::GetClassName());
    // The two assigned targets are added with the third argument set to true
    $Model->AddReference('AssignedGroup', PermissionGroup::GetClassName(), true);
    $Model->AddReference('AssignedOperation', PermissionOperation::GetClassName(), true);
    return $Model;
  }
}