Dynamic Permissions

core/Api/PermissionAPI.class.php

@@ -0,0 +1,157 @@
+<?php
+
+namespace Api {
+
+  class PermissionAPI extends Request {
+    protected function checkStaticPermission() {
+      if (!$this->user->isLoggedIn() || !$this->user->hasGroup(USER_GROUP_ADMIN)) {
+        return $this->createError("Permission denied.");
+      }
+
+      return true;
+    }
+  }
+}
+
+namespace Api\Permission {
+
+  use Api\Parameter\Parameter;
+  use Api\Parameter\StringType;
+  use Api\PermissionAPI;
+  use Driver\SQL\Condition\Compare;
+  use Objects\User;
+
+  class Check extends PermissionAPI {
+
+    public function __construct(User $user, bool $externalCall = false) {
+      parent::__construct($user, $externalCall, array(
+        'method' => new StringType('method', 323)
+      ));
+
+      $this->isPublic = false;
+    }
+
+    public function execute($values = array()) {
+      if (!parent::execute($values)) {
+        return false;
+      }
+
+      $method = $this->getParam("method");
+      $sql = $this->user->getSQL();
+      $res = $sql->select("groups")
+        ->from("ApiPermission")
+        ->where(new Compare("method", $method))
+        ->execute();
+
+      $this->success = ($res !== FALSE);
+      $this->lastError = $sql->getLastError();
+
+      if ($this->success) {
+        if (empty($res)) {
+          return true;
+        }
+
+        $groups = json_decode($res[0]["groups"]);
+        if (empty($groups)) {
+          return true;
+        }
+
+        if (!$this->user->isLoggedIn() || empty(array_intersect($groups, array_keys($this->user->getGroups())))) {
+          return $this->createError("Permission denied.");
+        }
+      }
+
+      return $this->success;
+    }
+  }
+
+  class Fetch extends PermissionAPI {
+
+    private array $groups;
+
+    public function __construct(User $user, bool $externalCall = false) {
+      parent::__construct($user, $externalCall, array());
+    }
+
+    private function fetchGroups() {
+      $sql = $this->user->getSQL();
+      $res = $sql->select("uid", "name")
+        ->from("Group")
+        ->orderBy("uid")
+        ->ascending()
+        ->execute();
+
+      $this->success = ($res !== FALSE);
+      $this->lastError = $sql->getLastError();
+
+      if ($this->success) {
+        $this->groups = array();
+        foreach($res as $row) {
+          $groupId = $row["uid"];
+          $groupName = $row["name"];
+          $this->groups[$groupId] = $groupName;
+        }
+      }
+
+      return $this->success;
+    }
+
+    public function execute($values = array()) {
+      if (!parent::execute($values)) {
+        return false;
+      }
+
+      if (!$this->checkStaticPermission()) {
+        return false;
+      }
+
+      if (!$this->fetchGroups()) {
+        return false;
+      }
+
+      $sql = $this->user->getSQL();
+      $res = $sql->select("method", "groups")
+        ->from("ApiPermission")
+        ->execute();
+
+      $this->success = ($res !== FALSE);
+      $this->lastError = $sql->getLastError();
+
+      if ($this->success) {
+        $permissions = array();
+        foreach ($res as $row) {
+          $method = $row["method"];
+          $groups = json_decode($row["groups"]);
+          $permissions[] = array("method" => $method, "groups" => $groups);
+        }
+        $this->result["permissions"] = $permissions;
+        $this->result["groups"] = $this->groups;
+      }
+
+      return $this->success;
+    }
+  }
+
+  class Save extends PermissionAPI {
+
+    public function __construct(User $user, bool $externalCall = false) {
+      parent::__construct($user, $externalCall, array(
+        'permissions' => new Parameter('permissions', Parameter::TYPE_ARRAY)
+      ));
+    }
+
+    public function execute($values = array()) {
+      if (!parent::execute($values)) {
+        return false;
+      }
+
+      if (!$this->checkStaticPermission()) {
+        return false;
+      }
+
+
+
+      return $this->success;
+    }
+  }
+}