Page: Program_Root/system/lib-security.php

This is the security library for Geeklog. This is used to implement Geeklog's *nix-style security system.
Programming notes:  For items you need security on you need the following for each record 
 in your database:
 owner_id        | mediumint(8)          
 group_id        | mediumint(8)          
 perm_owner      | tinyint(1) unsigned   
 perm_group      | tinyint(1) unsigned   
 perm_members    | tinyint(1) unsigned  
 perm_anon       | tinyint(1) unsigned  

 For display one function can handle most needs:
 function SEC_hasAccess($owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon)
 A call to this function will allow you to determine if the current user should see the item.

 For the admin screen several functions will make life easier:
 function SEC_getPermissionsHTML($perm_owner,$perm_group,$perm_members,$perm_anon)
 This function displays the permissions widget with arrays for each permission
 function SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon)
 This function takes the permissions from the previous function and converts them into 
 an integer for saving back to the database.

Classes defined on this page:
Include Statements Summary
INCLUDE TYPEINCLUDED FILENAMEDESCRIPTION


Constant Summary
CONSTANT NAMECONSTANT VALUEDESCRIPTION


Function Summary
string SEC_getPermissionsHTML ( $perm_owner, $perm_group, $perm_members, $perm_anon )
Shows security control for an object
int SEC_getPermissionValue ( $perm_x )
Converts permission array into numeric value
array SEC_getPermissionValues ( $perm_owner, $perm_group, $perm_members, $perm_anon )
Converts permissions to numeric values
array SEC_getUserGroups ( $uid, $usergroups, $cur_grp_id )
Returns the groups a user belongs to
string SEC_getUserPermissions ( $grp_id, $uid )
Gets everything a user has permissions to within the system
int SEC_hasAccess ( $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon )
Checks if current user has access to the given object
boolean SEC_hasRights ( $features, $operator )
Checks if current user has rights to a feature
boolean SEC_hasTopicAccess ( $tid )
Checks to see if current user has access to view a topic
boolean SEC_inGroup ( $grp_to_verify, $uid, $cur_grp_id )
Determines if user belongs to specified group
boolean SEC_isModerator ( )
Determines if current user is a moderator of any kind

Include Statements Detail

Constant Detail

Function Detail

SEC_getPermissionsHTML

string SEC_getPermissionsHTML ( $perm_owner, $perm_group, $perm_members, $perm_anon )

Shows security control for an object
This will return the HTML needed to create the security control see on the admin
 screen for GL objects (i.e. stories, links, etc)
Function Parameters:
- $perm_owner int Permissions the owner has 1 = edit 2 = read 3 = read/edit
- $perm_group int Permission the group has
- $perm_members int Permissions logged in members have
- $perm_anon int Permissions anonymous users have
Function Info:
Return - needed HTML (table) in HTML $perm_owner = array of permissions [edit,read], etc edit = 1 if permission, read = 2 if permission

SEC_getPermissionValue

int SEC_getPermissionValue ( $perm_x )

Converts permission array into numeric value
This function converts an array of permissions for either
 the owner/group/members/anon and returns the numeric 
 equivalent.  This is typically called by the admin screens
 to prepare the permissions to be save to the database
Function Parameters:
- $perm_x array Array of permission values
Function Info:
Return - integer representation of a permission array 2 = read 3 = edit/read
See - SEC_getPermissionValues()

SEC_getPermissionValues

array SEC_getPermissionValues ( $perm_owner, $perm_group, $perm_members, $perm_anon )

Converts permissions to numeric values
This function will take all permissions for an object and get the numeric value
 that can then be used to save the database.
Function Parameters:
- $perm_owner array Array of owner permissions These arrays are set up by SEC_getPermissionsHTML
- $perm_group array Array of group permissions
- $perm_members array Array of member permissions
- $perm_anon array Array of anonymous user permissions
Function Info:
Return - returns numeric equivalent for each permissions array (2 = read, 3=edit/read)
See - SEC_getPermissionsHTML()
See - SEC_getPermissionValue()

SEC_getUserGroups

array SEC_getUserGroups ( $uid, $usergroups, $cur_grp_id )

Returns the groups a user belongs to
This is part of the GL security implementation.  This function returns
 all the groups a user belongs to.  This function is called recursively
 as groups can belong to other groups

 Note: this is an expensive function -- if you are concerned about speed it should only 
       be used once at the beginning of a page.  The resulting array $_GROUPS can then be
       used through out the page.
Function Parameters:
- $uid int User ID to get information for. If empty current user.
- $usergroups string DO NOT USE (for recursion) comma delimited string of groups user belongs to
- $cur_grp_id int DO NOT USE (for recursion) Current group the function is working with in tree
Function Info:
Return - Array of group ID's user belongs to

SEC_getUserPermissions

string SEC_getUserPermissions ( $grp_id, $uid )

Gets everything a user has permissions to within the system
This is part of the Geeklog security implementation.  This function
 will get all the permissions the current user has call itself recursively.
Function Parameters:
- $grp_id int DO NOT USE (Used for recursion) Current group function is working on
Function Info:
Return - returns comma delimited list of features the user has access to

SEC_hasAccess

int SEC_hasAccess ( $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon )

Checks if current user has access to the given object
This function SEC_takes the access info from a Geeklog object
 and let's us know if the have access to the object
 returns 3 for read/edit, 2 for read only and 0 for no
 access
Function Parameters:
- $owner_id int ID of the owner of object
- $group_id int ID of group object belongs to
- $perm_owner int Permissions the owner has
- $perm_group int Permissions the group has
- $perm_members int Permissions logged in members have
- $perm_anon int Permissions anonymous users have
Function Info:
Return - returns 3 for read/edit 2 for read only 0 for no access

SEC_hasRights

boolean SEC_hasRights ( $features, $operator )

Checks if current user has rights to a feature
Takes either a single feature or an array of features and returns
 an array of whether the user has those rights
Function Parameters:
- $features string|array Features to check
- $operator string Either 'and' or 'or'. Default is 'and'. Used if checking more than one feature.
Function Info:
Return - Return true if current user has access to feature(s), otherwise false.

SEC_hasTopicAccess

boolean SEC_hasTopicAccess ( $tid )

Checks to see if current user has access to view a topic
Checks to see if current user has access to view a topic
Function Parameters:
- $tid string ID for topic to check on
Function Info:
Return - true if user has access to topic, otherwise false

SEC_inGroup

boolean SEC_inGroup ( $grp_to_verify, $uid, $cur_grp_id )

Determines if user belongs to specified group
This is part of the Geeklog security implementation. This function
 looks up whether a user belongs to a specified group
Function Parameters:
- $grp_to_verify string Group we want to see if user belongs to
- $uid int ID for user to check. If empty current user.
- $cur_grp_id string NOT USED Current group we are working with in hierarchy
Function Info:
Return - true if user is in group, otherwise false

SEC_isModerator

boolean SEC_isModerator ( )

Determines if current user is a moderator of any kind
Checks to see if this user is a moderator for any of the GL features OR
 GL plugins
Function Parameters:
Function Info:
Return - returns if user has any .moderate rights