You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
677 lines
21 KiB
677 lines
21 KiB
<?php
|
|
/**
|
|
* This files contains the common functions for the permissions
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
*
|
|
* A list of all the functions (in no particular order)
|
|
* ----------------------------------------------------
|
|
* store_permissions($content,$id)
|
|
* get_permissions($content,$id)
|
|
* limited_or_full($current_permissions)
|
|
*/
|
|
|
|
|
|
/**
|
|
* This function stores the permissions in the correct table.
|
|
* Since Checkboxes are used we do not know which ones are unchecked.
|
|
* That's why we first delete them all (for the given user/group/role
|
|
* and afterwards we store the checked ones only.
|
|
* @param $content are we storing rights for a user, a group or a role (the database depends on it)
|
|
* @param $id the id of the user, group or role
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
*/
|
|
function store_permissions($content, $id)
|
|
{
|
|
// Which database are we using (depending on the $content parameter)
|
|
if($content=='user')
|
|
{
|
|
$table=Database::get_course_table(TABLE_PERMISSION_USER);
|
|
$id_field = user_id;
|
|
}
|
|
if($content=='group')
|
|
{
|
|
$table=Database::get_course_table(TABLE_PERMISSION_GROUP);
|
|
$id_field = group_id;
|
|
}
|
|
if($content=='role')
|
|
{
|
|
$table=Database::get_course_table(TABLE_ROLE_PERMISSION);
|
|
$id_field = role_id;
|
|
}
|
|
|
|
// We first delete all the existing permissions for that user/group/role
|
|
$sql="DELETE FROM $table WHERE $id_field = '".mysql_real_escape_string($id)."'";
|
|
$result=api_sql_query($sql, __FILE__, __LINE__);
|
|
|
|
// looping through the post values to find the permission (containing the string permission* )
|
|
foreach ($_POST as $key => $value)
|
|
{
|
|
if(strstr($key,"permission*"))
|
|
{
|
|
list($brol,$tool,$action)=explode("*",$key);
|
|
$sql="INSERT INTO $table ($id_field,tool,action) VALUES ('".mysql_real_escape_string($id)."','".mysql_real_escape_string($tool)."','".mysql_real_escape_string($action)."')";
|
|
$result=api_sql_query($sql, __FILE__, __LINE__);
|
|
|
|
|
|
}
|
|
}
|
|
return get_lang('PermissionsStored');
|
|
}
|
|
|
|
/**
|
|
* This function stores one permission in the correct table.
|
|
* @param $content are we storing rights for a user, a group or a role (the database depends on it)
|
|
* @param $action are we granting or revoking a permission?
|
|
* @param $id the id of the user, group or role
|
|
* @param $tool the tool
|
|
* @param $permission the permission the user, group or role has been granted or revoked
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
*/
|
|
function store_one_permission($content, $action, $id, $tool,$permission)
|
|
{
|
|
global $rights_full;
|
|
// for some reason I don't know, he can't get to the $rights_full array, so commented the following lines out.
|
|
|
|
// check
|
|
//if(!in_array($permission, $rights_full))
|
|
//{
|
|
// return get_lang('Error');
|
|
//}
|
|
|
|
// Which database are we using (depending on the $content parameter)
|
|
if($content=='user')
|
|
{
|
|
$table=Database::get_course_table(TABLE_PERMISSION_USER);
|
|
$id_field = user_id;
|
|
}
|
|
if($content=='group')
|
|
{
|
|
$table=Database::get_course_table(TABLE_PERMISSION_GROUP);
|
|
$id_field = group_id;
|
|
}
|
|
if($content=='role')
|
|
{
|
|
$table=Database::get_course_table(TABLE_ROLE_PERMISSION);
|
|
$id_field = role_id;
|
|
}
|
|
|
|
// grating a right
|
|
if($action=='grant')
|
|
{
|
|
$sql="INSERT INTO $table ($id_field,tool,action) VALUES ('".mysql_real_escape_string($id)."','".mysql_real_escape_string($tool)."','".mysql_real_escape_string($permission)."')";
|
|
$result=api_sql_query($sql, __FILE__, __LINE__);
|
|
if($result)
|
|
{
|
|
$result_message=get_lang('PermissionGranted');
|
|
}
|
|
}
|
|
if($action=='revoke')
|
|
{
|
|
$sql="DELETE FROM $table WHERE $id_field = '".mysql_real_escape_string($id)."' AND tool='".mysql_real_escape_string($tool)."' AND action='".mysql_real_escape_string($permission)."'";
|
|
$result=api_sql_query($sql, __FILE__, __LINE__);
|
|
if($result)
|
|
{
|
|
$result_message=get_lang('PermissionRevoked');
|
|
}
|
|
}
|
|
return $result_message;
|
|
}
|
|
|
|
/**
|
|
* This function retrieves the existing permissions of a user, group or role.
|
|
* @param $content are we retrieving the rights of a user, a group or a role (the database depends on it)
|
|
* @param $id the id of the user, group or role
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
*/
|
|
function get_permissions($content, $id)
|
|
{
|
|
$currentpermissions=array();
|
|
// Which database are we using (depending on the $content parameter)
|
|
|
|
if($content == 'user')
|
|
{
|
|
$table=Database::get_course_table(TABLE_PERMISSION_USER);
|
|
$id_field = user_id;
|
|
}
|
|
elseif($content == 'group')
|
|
{
|
|
$table=Database::get_course_table(TABLE_PERMISSION_GROUP);
|
|
$id_field = group_id;
|
|
}
|
|
elseif($content == 'role')
|
|
{
|
|
$table=Database::get_course_table(TABLE_ROLE_PERMISSION);
|
|
$id_field = role_id;
|
|
}
|
|
elseif($content == 'platform_role')
|
|
{
|
|
$table=Database::get_main_table(TABLE_ROLE_PERMISSION);
|
|
$id_field = role_id;
|
|
}
|
|
elseif($content == 'task')
|
|
{
|
|
$table=Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS);
|
|
$id_field = task_id;
|
|
}
|
|
|
|
// finding all the permissions. We store this in a multidimensional array
|
|
// where the first dimension is the tool.
|
|
$sql="
|
|
SELECT * FROM " . $table . "
|
|
WHERE " . $id_field . "='" . mysql_real_escape_string($id) . "'";
|
|
$result = api_sql_query($sql, __FILE__, __LINE__);
|
|
|
|
while($row = mysql_fetch_array($result))
|
|
$currentpermissions[$row['tool']][] = $row['action'];
|
|
|
|
return $currentpermissions;
|
|
}
|
|
|
|
/**
|
|
* the array that contains the current permission a user, group or role has will now be changed depending on
|
|
* the Dokeos Config Setting for the permissions (limited [add, edit, delete] or full [view, add, edit, delete, move, visibility]
|
|
* @param $content are we retrieving the rights of a user, a group or a role (the database depends on it)
|
|
* @param $id the id of the user, group or role
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
* @todo currently there is a setting user_permissions and group_permissions. We should merge this in one config setting.
|
|
*/
|
|
function limited_or_full($current_permissions)
|
|
{
|
|
if(api_get_setting('permissions')=='limited')
|
|
{
|
|
foreach ($current_permissions as $tool=>$tool_rights)
|
|
{
|
|
// we loop through the possible permissions of a tool and unset the entry if it is view
|
|
// if it is visibility or move we have to grant the edit right
|
|
foreach ($tool_rights as $key=>$value)
|
|
{
|
|
if($value=='View')
|
|
{
|
|
unset($current_permissions[$tool][$key]);
|
|
}
|
|
if($value=='Visibility' OR $value=='Move')
|
|
{
|
|
if(!in_array('Edit',$current_permissions[$tool]))
|
|
{
|
|
$current_permissions[$tool][]='Edit';
|
|
}
|
|
unset($current_permissions[$tool][$key]);
|
|
}
|
|
//else
|
|
//{
|
|
// $current_permissions[$tool][]=$value;
|
|
//}
|
|
}
|
|
}
|
|
return $current_permissions;
|
|
}
|
|
if(api_get_setting('permissions')=='full')
|
|
{
|
|
return $current_permissions;
|
|
}
|
|
}
|
|
/**
|
|
* This function displays a checked or unchecked checkbox. The checkbox will be checked if the
|
|
* user, group or role has the permission for the given tool, unchecked if the user, group or role
|
|
* does not have the right
|
|
* @param $permission_array the array that contains all the permissions of the user, group, role
|
|
* @param $tool the tool we want to check a permission for
|
|
* @param $permission the permission we want to check for
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
*/
|
|
function display_checkbox_matrix($permission_array, $tool, $permission, $inherited_permissions=array())
|
|
{
|
|
$checked="";
|
|
if(is_array($permission_array[$tool]) AND in_array($permission,$permission_array[$tool]))
|
|
{
|
|
$checked="checked";
|
|
}
|
|
echo "\t\t\t<input type=\"checkbox\" name=\"permission*$tool*$permission\" $checked>\n";
|
|
|
|
}
|
|
|
|
/**
|
|
* This function displays a checked or unchecked image. The image will be checked if the
|
|
* user, group or role has the permission for the given tool, unchecked if the user, group or role
|
|
* does not have the right
|
|
* @param $permission_array the array that contains all the permissions of the user, group, role
|
|
* @param $tool the tool we want to check a permission for
|
|
* @param $permission the permission we want to check for
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
*/
|
|
function display_image_matrix($permission_array, $tool, $permission,$inherited_permissions=array(), $course_admin=false, $editable=true)
|
|
{
|
|
if($course_admin==true)
|
|
{
|
|
echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
|
|
}
|
|
else
|
|
{
|
|
if(in_array($permission,$inherited_permissions[$tool]))
|
|
{
|
|
echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
|
|
}
|
|
else
|
|
{
|
|
if(is_array($permission_array[$tool]) AND in_array($permission,$permission_array[$tool]))
|
|
{
|
|
if($editable)
|
|
{
|
|
$url=api_get_self();
|
|
foreach($_GET as $key=>$value)
|
|
{
|
|
$parameter[$key]=$value;
|
|
}
|
|
$parameter['action']='revoke';
|
|
$parameter['permission']=$permission;
|
|
$parameter['tool']=$tool;
|
|
foreach ($parameter as $key=>$value)
|
|
{
|
|
$urlparameters.=$key.'='.$value.'&';
|
|
}
|
|
$url=$url.'?'.$urlparameters;
|
|
|
|
echo "\t\t\t <a href=\"".$url."\">";
|
|
}
|
|
echo "<img src=\"../img/checkbox_on2.gif\" border=\"0\"/>";
|
|
if($editable)
|
|
{
|
|
echo "</a>";
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if($editable)
|
|
{
|
|
$url=api_get_self();
|
|
foreach($_GET as $key=>$value)
|
|
{
|
|
$parameter[$key]=$value;
|
|
}
|
|
$parameter['action']='grant';
|
|
$parameter['permission']=$permission;
|
|
$parameter['tool']=$tool;
|
|
foreach ($parameter as $key=>$value)
|
|
{
|
|
$urlparameters.=$key.'='.$value.'&';
|
|
}
|
|
$url=$url.'?'.$urlparameters;
|
|
|
|
//echo "\t\t\t <a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=grant&permission=$permission&tool=$tool\">";
|
|
echo "\t\t\t <a href=\"".$url."\">";
|
|
}
|
|
echo "<img src=\"../img/wrong.gif\" border=\"0\"/>";
|
|
if($editable)
|
|
{
|
|
echo "</a>";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* Slightly modified: Toon Keppens
|
|
* This function displays a checked or unchecked image. The image will be checked if the
|
|
* user, group or role has the permission for the given tool, unchecked if the user, group or role
|
|
* does not have the right
|
|
* @param $permission_array the array that contains all the permissions of the user, group, role
|
|
* @param $tool the tool we want to check a permission for
|
|
* @param $permission the permission we want to check for
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
*/
|
|
function display_image_matrix_for_blogs($permission_array, $user_id, $tool, $permission,$inherited_permissions=array(), $course_admin=false, $editable=true)
|
|
{
|
|
if($course_admin==true)
|
|
{
|
|
echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
|
|
}
|
|
else
|
|
{
|
|
if(in_array($permission,$inherited_permissions[$tool]))
|
|
{
|
|
echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
|
|
}
|
|
else
|
|
{
|
|
if(is_array($permission_array[$tool]) AND in_array($permission,$permission_array[$tool]))
|
|
{
|
|
if($editable)
|
|
{
|
|
$url=api_get_self();
|
|
foreach($_GET as $key=>$value)
|
|
{
|
|
$parameter[$key]=$value;
|
|
}
|
|
$parameter['action']='manage_rights';
|
|
$parameter['do']='revoke';
|
|
$parameter['permission']=$permission;
|
|
$parameter['tool']=$tool;
|
|
$parameter['user_id']=$user_id;
|
|
foreach ($parameter as $key=>$value)
|
|
{
|
|
$urlparameters.=$key.'='.$value.'&';
|
|
}
|
|
$url=$url.'?'.$urlparameters;
|
|
|
|
echo "\t\t\t <a href=\"".$url."\">";
|
|
}
|
|
echo "<img src=\"../img/checkbox_on2.gif\" border=\"0\"/>";
|
|
if($editable)
|
|
{
|
|
echo "</a>";
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if($editable)
|
|
{
|
|
$url=api_get_self();
|
|
foreach($_GET as $key=>$value)
|
|
{
|
|
$parameter[$key]=$value;
|
|
}
|
|
$parameter['action']='manage_rights';
|
|
$parameter['do']='grant';
|
|
$parameter['permission']=$permission;
|
|
$parameter['tool']=$tool;
|
|
$parameter['user_id']=$user_id;
|
|
foreach ($parameter as $key=>$value)
|
|
{
|
|
$urlparameters.=$key.'='.$value.'&';
|
|
}
|
|
$url=$url.'?'.$urlparameters;
|
|
|
|
//echo "\t\t\t <a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=grant&permission=$permission&tool=$tool\">";
|
|
echo "\t\t\t <a href=\"".$url."\">";
|
|
}
|
|
echo "<img src=\"../img/wrong.gif\" border=\"0\"/>";
|
|
if($editable)
|
|
{
|
|
echo "</a>";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* This function displays a list off all the roles of the course (and those defined by the platform admin)
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
*/
|
|
function display_role_list($current_course_roles, $current_platform_roles)
|
|
{
|
|
global $setting_visualisation;
|
|
|
|
$coures_roles_table=Database::get_course_table(TABLE_ROLE);
|
|
$platform_roles_table=Database::get_main_table(TABLE_ROLE);
|
|
|
|
// platform roles
|
|
$sql="SELECT * FROM $platform_roles_table";
|
|
$result=api_sql_query($sql, __FILE__, __LINE__);
|
|
while ($row=mysql_fetch_array($result))
|
|
{
|
|
if(in_array($row['role_id'], $current_platform_roles))
|
|
{
|
|
$checked='checked';
|
|
$image='checkbox_on2.gif';
|
|
$action='revoke';
|
|
}
|
|
else
|
|
{
|
|
$checked='';
|
|
$image='wrong.gif';
|
|
$action='grant';
|
|
}
|
|
if($setting_visualisation=='checkbox')
|
|
{
|
|
echo "<input type=\"checkbox\" name=\"role*platform*".$row['role_id']."\" $checked>";
|
|
}
|
|
if($setting_visualisation=='image')
|
|
{
|
|
echo "<a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=$action&role=".$row['role_id']."&scope=platform\"><img src=\"../img/".$image."\" border=\"0\"/></a>";
|
|
}
|
|
echo $row['role_name']."<br />\n";
|
|
echo $row['role_comment']."<br />\n";
|
|
}
|
|
|
|
// course roles
|
|
$sql="SELECT * FROM $coures_roles_table";
|
|
$result=api_sql_query($sql, __FILE__, __LINE__);
|
|
while ($row=mysql_fetch_array($result))
|
|
{
|
|
if(in_array($row['role_id'], $current_course_roles))
|
|
{
|
|
$checked='checked';
|
|
$image='checkbox_on2.gif';
|
|
$action='revoke';
|
|
}
|
|
else
|
|
{
|
|
$checked='';
|
|
$image='wrong.gif';
|
|
$action='grant';
|
|
}
|
|
if($setting_visualisation=='checkbox')
|
|
{
|
|
echo "<input type=\"checkbox\" name=\"role*course*".$row['role_id']."\" $checked>";
|
|
}
|
|
if($setting_visualisation=='image')
|
|
{
|
|
echo "<a href=\"".str_replace('&', '&', $_SERVER['REQUEST_URI'])."&action=$action&role=".$row['role_id']."&scope=course\"><img src=\"../img/".$image."\" border=\"0\"/></a>";
|
|
}
|
|
|
|
|
|
echo $row['role_name']." <a href=\"../permissions/roles.php?role_id=".$row['role_id']."&scope=course\"><img src=\"../img/edit.gif\" /></a><br />\n";
|
|
echo $row['role_comment']."<br />\n";
|
|
}
|
|
}
|
|
|
|
/**
|
|
* This function gets all the current roles of the user or group
|
|
* @param $content are we finding the roles for a user or a group (the database depends on it)
|
|
* @param $id the id of the user or group
|
|
* @return array that contains the name of the roles the user has
|
|
* @todo consider having a separate table that contains only an id and a name of the role.
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
*/
|
|
function get_roles($content,$id, $scope='course')
|
|
{
|
|
if($content=='user')
|
|
{
|
|
$table=Database::get_course_table(TABLE_ROLE_USER);
|
|
$id_field = user_id;
|
|
}
|
|
if($content=='group')
|
|
{
|
|
$table=Database::get_course_table(TABLE_ROLE_GROUP);
|
|
$id_field = group_id;
|
|
}
|
|
$table_role=Database::get_course_table(TABLE_ROLE);
|
|
|
|
$current_roles=array();
|
|
//$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";
|
|
$sql="SELECT role_id FROM $table WHERE $id_field = '$id' AND scope='".$scope."'";
|
|
$result=api_sql_query($sql, __FILE__, __LINE__);
|
|
while ($row=mysql_fetch_array($result))
|
|
{
|
|
$current_roles[]=$row['role_id'];
|
|
}
|
|
|
|
return $current_roles;
|
|
}
|
|
|
|
/**
|
|
* This function gets all the current roles of the user or group
|
|
* @return array that contains the name of the roles the user has
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
*/
|
|
function get_all_roles($content='course')
|
|
{
|
|
if($content=='course')
|
|
{
|
|
$table_role=Database::get_course_table(TABLE_ROLE);
|
|
}
|
|
if($content=='platform')
|
|
{
|
|
$table_role=Database::get_main_table(TABLE_ROLE);
|
|
}
|
|
|
|
$current_roles=array();
|
|
$sql="SELECT * FROM $table_role";
|
|
$result=api_sql_query($sql, __FILE__, __LINE__);
|
|
while ($row=mysql_fetch_array($result))
|
|
{
|
|
$roles[]=$row;
|
|
}
|
|
|
|
return $roles;
|
|
}
|
|
|
|
|
|
/**
|
|
* This function gets all the roles that are defined
|
|
* @param $content are we finding the roles for a user or a group (the database depends on it)
|
|
* @param $id the id of the user or group
|
|
* @param string Deprecated parameter allowing use of 'platform' scope - the corresponding tables don't exist anymore so the scope is always set to 'course'
|
|
* @return array that contains the name of the roles the user has
|
|
* @todo consider having a separate table that contains only an id and a name of the role.
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
* @version 1.0
|
|
*/
|
|
function get_roles_permissions($content,$id, $scope='course')
|
|
{
|
|
if($content == 'user')
|
|
{
|
|
$table=Database::get_course_table(TABLE_ROLE_USER);
|
|
$id_field = user_id;
|
|
}
|
|
|
|
if($content == 'group')
|
|
{
|
|
$table = Database::get_course_table(TABLE_ROLE_GROUP);
|
|
$id_field = group_id;
|
|
}
|
|
|
|
// course roles or platform roles
|
|
$scope = 'course';
|
|
if($scope == 'course')
|
|
{
|
|
$table_role = Database::get_course_table(TABLE_ROLE);
|
|
$table_role_permissions = Database::get_course_table(TABLE_ROLE_PERMISSION);
|
|
}
|
|
|
|
if($scope == 'platform')
|
|
{
|
|
$table_role = Database::get_main_table(TABLE_ROLE);
|
|
$table_role_permissions = Database::get_main_table(TABLE_ROLE_PERMISSION);
|
|
}
|
|
|
|
$current_roles = array();
|
|
|
|
$sql = "
|
|
SELECT *
|
|
FROM
|
|
" . $table . " role_group_user,
|
|
" . $table_role . " role,
|
|
" . $table_role_permissions . " role_permissions
|
|
WHERE
|
|
role_group_user.scope = '" . $scope . "' AND
|
|
role_group_user." . $id_field . " = '" . $id . "' AND
|
|
role_group_user.role_id = role.role_id AND
|
|
role.role_id = role_permissions.role_id";
|
|
|
|
$result = api_sql_query($sql, __FILE__, __LINE__);
|
|
|
|
while($row=mysql_fetch_array($result))
|
|
$current_role_permissions[$row['tool']][]=$row['action'];
|
|
|
|
return $current_role_permissions;
|
|
}
|
|
|
|
/**
|
|
* This function is called when we assign a role to a user or a group
|
|
* @param $content are we assigning a role to a group or a user
|
|
* @param $action we can grant a role to a group or user or revoke it
|
|
* @param $id the user_id of the user or the group_id of the group
|
|
* @param $role_id the id of the role we are giving to a user or a group.
|
|
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
|
|
*/
|
|
|
|
function assign_role($content, $action, $id, $role_id, $scope='course')
|
|
{
|
|
// Which database are we using (depending on the $content parameter)
|
|
if($content=='user')
|
|
{
|
|
$table=Database::get_course_table(TABLE_ROLE_USER);
|
|
$id_field = user_id;
|
|
}
|
|
elseif($content=='group')
|
|
{
|
|
$table=Database::get_course_table(TABLE_ROLE_GROUP);
|
|
$id_field = group_id;
|
|
}
|
|
else
|
|
{
|
|
return get_lang('Error');
|
|
}
|
|
|
|
// grating a right
|
|
if($action=='grant')
|
|
{
|
|
$sql="INSERT INTO $table (role_id, scope, $id_field) VALUES ('".mysql_real_escape_string($role_id)."','".mysql_real_escape_string($scope)."','".mysql_real_escape_string($id)."')";
|
|
$result=api_sql_query($sql, __FILE__, __LINE__);
|
|
if($result)
|
|
{
|
|
$result_message=get_lang('RoleGranted');
|
|
}
|
|
}
|
|
if($action=='revoke')
|
|
{
|
|
$sql="DELETE FROM $table WHERE $id_field = '".mysql_real_escape_string($id)."' AND role_id='".mysql_real_escape_string($role_id)."'";
|
|
$result=api_sql_query($sql, __FILE__, __LINE__);
|
|
if($result)
|
|
{
|
|
$result_message=get_lang('RoleRevoked');
|
|
}
|
|
}
|
|
return $result_message;
|
|
}
|
|
|
|
|
|
/**
|
|
* This function merges permission arrays. Each permission array has the following structure
|
|
* a permission array has a tool contanst as a key and an array as a value. This value array consists of all the permissions that are granted in that tool.
|
|
*/
|
|
function permission_array_merge($array1, $array2)
|
|
{
|
|
foreach ($array2 as $tool=>$permissions)
|
|
{
|
|
foreach ($permissions as $permissionkey=>$permissionvalue)
|
|
{
|
|
$array1[$tool][]=$permissionvalue;
|
|
}
|
|
}
|
|
return $array1;
|
|
}
|
|
|
|
|
|
function my_print_r($array)
|
|
{
|
|
echo '<pre>';
|
|
print_r($array);
|
|
echo '</pre>';
|
|
}
|
|
?>
|