Programming notes: For items you need security on you need the following for each record in your database: owner_id | mediumint(8) group_id | mediumint(8) perm_owner | tinyint(1) unsigned perm_group | tinyint(1) unsigned perm_members | tinyint(1) unsigned perm_anon | tinyint(1) unsigned For display one function can handle most needs: function SEC_hasAccess($owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon) A call to this function will allow you to determine if the current user should see the item. For the admin screen several functions will make life easier: function SEC_getPermissionsHTML($perm_owner,$perm_group,$perm_members,$perm_anon) This function displays the permissions widget with arrays for each permission function SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon) This function takes the permissions from the previous function and converts them into an integer for saving back to the database.
Geeklog| Include Statements Summary |
| INCLUDE TYPE | INCLUDED FILENAME | DESCRIPTION |
|---|
| Constant Summary |
| CONSTANT NAME | CONSTANT VALUE | DESCRIPTION |
|---|
| Include Statements Detail |
| Constant Detail |
| Function Detail |
string SEC_getPermissionsHTML ( $perm_owner, $perm_group, $perm_members, $perm_anon )
Shows security control for an objectThis will return the HTML needed to create the security control see on the admin screen for GL objects (i.e. stories, links, etc)
$perm_owner int Permissions the owner has 1 = edit 2 = read 3 = read/edit$perm_group int Permission the group has$perm_members int Permissions logged in members have$perm_anon int Permissions anonymous users haveneeded HTML (table) in HTML $perm_owner = array of permissions [edit,read], etc edit = 1 if permission, read = 2 if permissionint SEC_getPermissionValue ( $perm_x )
Converts permission array into numeric valueThis function converts an array of permissions for either the owner/group/members/anon and returns the numeric equivalent. This is typically called by the admin screens to prepare the permissions to be save to the database
$perm_x array Array of permission valuesinteger representation of a permission array 2 = read 3 = edit/readSEC_getPermissionValues()array SEC_getPermissionValues ( $perm_owner, $perm_group, $perm_members, $perm_anon )
Converts permissions to numeric valuesThis function will take all permissions for an object and get the numeric value that can then be used to save the database.
$perm_owner array Array of owner permissions These arrays are set up by SEC_getPermissionsHTML$perm_group array Array of group permissions$perm_members array Array of member permissions$perm_anon array Array of anonymous user permissionsreturns numeric equivalent for each permissions array (2 = read, 3=edit/read)SEC_getPermissionsHTML()SEC_getPermissionValue()array SEC_getUserGroups ( $uid, $usergroups, $cur_grp_id )
Returns the groups a user belongs to
This is part of the GL security implementation. This function returns
all the groups a user belongs to. This function is called recursively
as groups can belong to other groups
Note: this is an expensive function -- if you are concerned about speed it should only
be used once at the beginning of a page. The resulting array $_GROUPS can then be
used through out the page.
$uid int User ID to get information for. If empty current user.$usergroups string DO NOT USE (for recursion) comma delimited string of groups user belongs to$cur_grp_id int DO NOT USE (for recursion) Current group the function is working with in treeArray of group ID's user belongs tostring SEC_getUserPermissions ( $grp_id, $uid )
Gets everything a user has permissions to within the systemThis is part of the Geeklog security implementation. This function will get all the permissions the current user has call itself recursively.
$grp_id int DO NOT USE (Used for recursion) Current group function is working onreturns comma delimited list of features the user has access toint SEC_hasAccess ( $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon )
Checks if current user has access to the given objectThis function SEC_takes the access info from a Geeklog object and let's us know if the have access to the object returns 3 for read/edit, 2 for read only and 0 for no access
$owner_id int ID of the owner of object$group_id int ID of group object belongs to$perm_owner int Permissions the owner has$perm_group int Permissions the group has$perm_members int Permissions logged in members have$perm_anon int Permissions anonymous users havereturns 3 for read/edit 2 for read only 0 for no accessboolean SEC_hasRights ( $features, $operator )
Checks if current user has rights to a featureTakes either a single feature or an array of features and returns an array of whether the user has those rights
$features string|array Features to check$operator string Either 'and' or 'or'. Default is 'and'. Used if checking more than one feature.Return true if current user has access to feature(s), otherwise false.boolean SEC_hasTopicAccess ( $tid )
Checks to see if current user has access to view a topicChecks to see if current user has access to view a topic
$tid string ID for topic to check ontrue if user has access to topic, otherwise falseboolean SEC_inGroup ( $grp_to_verify, $uid, $cur_grp_id )
Determines if user belongs to specified groupThis is part of the Geeklog security implementation. This function looks up whether a user belongs to a specified group
$grp_to_verify string Group we want to see if user belongs to$uid int ID for user to check. If empty current user.$cur_grp_id string NOT USED Current group we are working with in hierarchytrue if user is in group, otherwise falseboolean SEC_isModerator ( )
Determines if current user is a moderator of any kindChecks to see if this user is a moderator for any of the GL features OR GL plugins
returns if user has any .moderate rights