added: privileges (user, groups, permissions)

(not finished yet) classes: User, Group, Users, Groups, UGContainer changed: Dir class into Dirs git-svn-id: svn://ttmath.org/publicrep/cmslu/trunk@467 e52654a7-88a9-db11-a3e9-0013d4bc506e
2008-12-21 21:17:09 +00:00
parent 86f28faf8d
commit 55cd813141
29 changed files with 1520 additions and 121 deletions
--- a/core/request.cpp
+++ b/core/request.cpp
@@ -113,7 +113,7 @@ std::string & Request::PostVar(const char * var)
 	p = post_table.find(var);
 	
 	if( p == post_table.end() )
-		throw Error();
+		throw Error(Error::no_cookie);

 return p->second;
 }
@@ -288,3 +288,133 @@ void Request::SendAll()



+bool Request::CanChangeUser(const Item & item, long new_user_id)
+{
+	if( !session )
+		// session must be set
+		return false;
+	
+	if( session->puser && session->puser->super_user )
+		// super user is allowed everything
+		return true;
+		
+	if( item.user_id != new_user_id )
+		// only super user can change the owner of an item
+		return false;
+
+return true;
+}
+
+
+bool Request::CanChangeGroup(const Item & item, long new_group_id)
+{
+	if( !session )
+		// session must be set
+		return false;
+
+	if( session->puser && session->puser->super_user )
+		// super user is allowed everything
+		return true;
+
+	if( item.group_id != new_group_id )
+	{
+		// user is allowed to change the group only if he is an owner of the item
+		// he can change only into a group in which he is a member of, or into a 'no_group'
+		
+		if( !session->puser )
+			return false;
+			
+		if( session->puser->id != item.user_id )
+			return false;
+			
+		if( new_group_id == -1 )
+			return true;
+			
+		if( !session->puser->IsMemberOf(new_group_id) )
+			return false;
+			
+		// is logged, is the owner of the item, is the member of the new group
+	}
+	
+return true;
+}
+
+
+bool Request::CanChangePrivileges(const Item & item, int new_priv)
+{
+	if( !session )
+		// session must be set
+		return false;
+
+	if( session->puser && session->puser->super_user )
+		// super user is allowed everything
+		return true;
+
+	if( item.privileges != new_priv )
+	{
+		// the owner of an item is allowed to change the privileges		
+		
+		if( !session->puser )
+			return false;
+			
+		if( session->puser->id != item.user_id )
+			return false;
+	}
+
+return true;
+}
+
+
+
+bool Request::HasAccess(const Item & item, int mask)
+{
+	if( !session )
+		// session must be set
+		return false;
+
+	if( session->puser && session->puser->super_user )
+		// super user is allowed everything
+		return true;
+	
+	if( session->puser && session->puser->id == item.user_id )
+	{
+		// the owner
+		return ((item.privileges >> 6) & mask) == mask;
+	}
+	
+	if( session->puser && session->puser->IsMemberOf(item.group_id) )
+	{
+		// group	
+		return ((item.privileges >> 3) & mask) == mask;
+	}
+	
+	// others
+	
+return (item.privileges & mask) == mask;
+}
+
+
+bool Request::HasReadAccess(const Item & item)
+{
+	return HasAccess(item, 4);	
+}
+
+
+bool Request::HasWriteAccess(const Item & item)
+{
+	return HasAccess(item, 2);	
+}
+
+bool Request::HasReadWriteAccess(const Item & item)
+{
+	return HasAccess(item, 6);	// r+w
+}
+
+
+bool Request::HasExecAccess(const Item & item)
+{
+	return HasAccess(item, 5);	// r+x
+}
+
+
+