<?phpif (!defined('BASEPATH')) exit('No direct script access allowed');classPermissionsModelextendsModel {functionPermissionsModel() {
parent::Model();
}
functionget_role_by_id($user_id) {
// we need to figure out what the lowest level data we're trying to access
// the ranks from highest to lowest: org, program, structure, session, division, league, team
// we access pages by getting all the IDs of their 'superiors' and seeing if anyone has those
// permission levels, either. if they do, they can access this page if their permission cascades
// this function returns an array of all the IDs we can get based on where we are.
// for instance, if we're at team #5, it tries to return the org it's in, the structure, div, etc.
$page_vars=$this->_get_variable_ids();$return_val['roles'] =array();$return_val['permissions'] =array();// get all permissons for this user. We'll use the process of elimination to figure out what
// they are eligible to do
$query=$this->db->getwhere('perm_assignments',array('user_id'=>$user_id));if (!$query) { $this->errors->add($this->db->_error_message());returnfalse; }
$perms=$query->result_array();foreach ($permsas$p) {
// remove all permissions that don't work for us
$match=true;// figure out what page we're on and how to eliminate roles
foreach (array_reverse($this->config->item('hierarchy')) as$idx=>$t) {
// we should be going backwards in the list now...
// if it's not set, treat it as null. if it's set and is zero or another id, don't propegate!
if (isset($p[$t.'_id']) &&isset($page_vars[$t.'_id']) &&$p[$t.'_id'] !=$page_vars[$t.'_id']) {
$match=false;break;
}
}
if ($match) $return_val['roles'][] =$p['role_id'];
}
// lets get whatever permissions we can get now for these roles!
if (!empty($return_val['roles'])) {
$perms=$this->get_perms_by_role($return_val['roles']);if ($perms!=false&&is_array($perms) &&!empty($perms)) {
$return_val['permissions'] =array_merge($return_val['permissions'], $perms);
}
}
print_a($page_vars);print_a($return_val);return$return_val;
}
/**
* return array of strings representing what permissions we have based on this role
*
* @param int $role_id or array $role_id
* @return array or false on error
*/functionget_perms_by_role($role_ids) {
if (empty($role_ids)) returnarray();if (is_array($role_ids)) {
foreach ($role_idsas$id) { $this->db->orwhere('role_id',$id); }
} else {
$this->db->where('role_id',$id);
}
$query=$this->db->get('perm_role_to_perm');if (!$query) { $this->errors->add($this->db->_error_message());returnfalse; }
$perm_array=$query->result_array();if (empty($perm_array)) returnarray();foreach ($perm_arrayas$perm) { $this->db->orwhere('id',$perm['permission_id']); }
$query=$this->db->get('perm_permissions');if (!$query) { $this->errors->add($this->db->_error_message());returnfalse; }
// go through the array and pull out just distinct string values
$return_val=array();foreach ($query->result_array() as$perm) { $return_val[] =$perm['permission']; }
returnarray_unique($return_val);
}
/**
* Return as much data about the page we're on (what IDs are its parents)
* return assoc array of ints
*/function_get_variable_ids() {
$returnval=array();$returnval['org_id'] =1;$returnval['program_id'] =1;$returnval['structure_id'] =1;$returnval['session_id'] =1;$returnval['division_id'] =16;$returnval['league_id'] =1;$returnval['team_id'] =1;return$returnval;
}
}
?>
Pastie << self Blog
