Jelix 1.7.15

jAcl2DbAdminCheckAuthorizations
in package

Allow to verify admin rights when a change occurs in the authorizations.

Tags
subpackage

acl

Table of Contents

ACL_ADMIN_RIGHTS_NOT_ASSIGNED  = 1
result of the checking : nobody have one of the admin rights.
ACL_ADMIN_RIGHTS_SESSION_USER_LOOSE_THEM  = 2
result of the checking : the current user loose one of admin rights.
ACL_ADMIN_RIGHTS_STILL_USED  = 0
result of the checking : admin rights are ok to manage authorizations.
$ACL_ADMIN_RIGHTS  : mixed
$authorizationsChanges  : array<string|int, mixed>
$authorizationStats  : array<string|int, mixed>
$sessionUser  : null|string
$sessionUserAuthorizationStats  : array<string|int, mixed>
__construct()  : mixed
checkAclAdminAuthorizationsChanges()  : int
Checks if given authorizations changes still allow to administrate rights for at least one user.
checkAclAdminRightsToAddUserIntoGroup()  : int
check if the adding of the given user to the the given group still allows to administrate rights for at least one user.
checkAclAdminRightsToRemoveGroup()  : int
check if the removing of the given group still allows to administrate rights for at least one user.
checkAclAdminRightsToRemoveUser()  : int
check if the removing of the given user still allow to administrate authorizations for at least one user.
checkAclAdminRightsToRemoveUserFromGroup()  : int
check if the removing of the given user from a the given group still allows to administrate rights for at least one user.
finalChecking()  : int
getAuthorizationChange()  : null|bool|string
Gives the authorization of the given right on the given group among the authorizations changes.
initChecks()  : bool|jDbResultSet
initialize some properties and do a query on rights.
loadGroupAuthorizations()  : mixed

Constants

ACL_ADMIN_RIGHTS_NOT_ASSIGNED

result of the checking : nobody have one of the admin rights.

public int ACL_ADMIN_RIGHTS_NOT_ASSIGNED = 1

There is no user having all admin rights to manage authorizations

ACL_ADMIN_RIGHTS_SESSION_USER_LOOSE_THEM

result of the checking : the current user loose one of admin rights.

public int ACL_ADMIN_RIGHTS_SESSION_USER_LOOSE_THEM = 2

The current user tries to remove some admin rights to manage authorizations, although he is the only one user having them.

ACL_ADMIN_RIGHTS_STILL_USED

result of the checking : admin rights are ok to manage authorizations.

public int ACL_ADMIN_RIGHTS_STILL_USED = 0

There is at least one user having admin rights to manage authorizations

Properties

$ACL_ADMIN_RIGHTS

public static mixed $ACL_ADMIN_RIGHTS = array('acl.group.view', 'acl.group.modify', 'acl.group.delete', 'acl.user.view', 'acl.user.modify')

$sessionUserAuthorizationStats

protected array<string|int, mixed> $sessionUserAuthorizationStats = array()

number of authorizations for each admin rights during a checking of the user session

Methods

__construct()

public __construct([string $sessionUser = null ]) : mixed
Parameters
$sessionUser : string = null

the login of the user who initiates the change

Return values
mixed

checkAclAdminAuthorizationsChanges()

Checks if given authorizations changes still allow to administrate rights for at least one user.

public checkAclAdminAuthorizationsChanges(array<string|int, mixed> $authorizationsChanges, int $changeType) : int

For each groups, only authorizations on given rights are considered changed. Other existing authorizations are considered as deleted.

Authorizations with resources are not changed.

Parameters
$authorizationsChanges : array<string|int, mixed>

array(<id_aclgrp> => array( <id_aclsbj> => false(inherit)/''(inherit)/true(add)/'y'(add)/'n'(remove)))

$changeType : int

1 for group rights change, 2 for user rights change, 3 for both

Return values
int

one of ACL_ADMIN_RIGHTS_* constant

checkAclAdminRightsToAddUserIntoGroup()

check if the adding of the given user to the the given group still allows to administrate rights for at least one user.

public checkAclAdminRightsToAddUserIntoGroup(string $userToAdd, string $groupInWhichToAddAUser) : int

(because the group may forbid to administrate rights.)

Parameters
$userToAdd : string

the user login

$groupInWhichToAddAUser : string

the group id

Return values
int

one of ACL_ADMIN_RIGHTS_* constant

checkAclAdminRightsToRemoveGroup()

check if the removing of the given group still allows to administrate rights for at least one user.

public checkAclAdminRightsToRemoveGroup(string $groupToRemove) : int
Parameters
$groupToRemove : string

the group id to remove

Return values
int

one of ACL_ADMIN_RIGHTS_* constant

checkAclAdminRightsToRemoveUser()

check if the removing of the given user still allow to administrate authorizations for at least one user.

public checkAclAdminRightsToRemoveUser(string $userToRemove) : int
Parameters
$userToRemove : string
Return values
int

one of ACL_ADMIN_RIGHTS_* constant

checkAclAdminRightsToRemoveUserFromGroup()

check if the removing of the given user from a the given group still allows to administrate rights for at least one user.

public checkAclAdminRightsToRemoveUserFromGroup(string $userToRemoveFromTheGroup, string $groupFromWhichToRemoveTheUser) : int
Parameters
$userToRemoveFromTheGroup : string
$groupFromWhichToRemoveTheUser : string
Return values
int

one of ACL_ADMIN_RIGHTS_* constant

getAuthorizationChange()

Gives the authorization of the given right on the given group among the authorizations changes.

protected getAuthorizationChange( $groupId,  $right) : null|bool|string
Parameters
$groupId :
$right :
Return values
null|bool|string

Search results