diff --git a/resources/lib/UnityPerms.php b/resources/lib/UnityPerms.php
deleted file mode 100644
index 0c624408..00000000
--- a/resources/lib/UnityPerms.php
+++ /dev/null
@@ -1,161 +0,0 @@ -SQL = $SQL; - $this->USER = $USER; - } - - public function checkApproveUser($uid, $operated_on, $group) - { - if (!$this->USER->isInGroup($uid, $group)) { - return false; - } - - $role = $this->SQL->getRole($uid, $group); - - if ( - $this->SQL->hasPerm($role, "unity.admin") || - $this->SQL->hasPerm($role, "unity.admin_no_grant") - ) { - return true; - } - - if (!$this->SQL->hasPerm($role, "unity.approve_user")) { - return false; - } - - $operated_on_role = $this->SQL->getRole($operated_on, $group); - - if ( - $this->SQL->getPriority($operated_on_role) >= - $this->SQL->getPriority($role) - ) { - return false; - } - - return true; - } - - public function checkDenyUser($uid, $operated_on, $group) - { - if (!$this->USER->isInGroup($uid, $group)) { - return false; - } - - $role = $this->SQL->getRole($uid, $group); - - if ( - $this->SQL->hasPerm($role, "unity.admin") || - $this->SQL->hasPerm($role, "unity.admin_no_grant") - ) { - return true; - } - - if (!$this->SQL->hasPerm($role, "unity.deny_user")) { - return false; - } - - $operated_on_role = $this->SQL->getRole($operated_on, $group); - - if ( - $this->SQL->getPriority($operated_on_role) >= - $this->SQL->getPriority($role) - ) { - return false; - } - - return true; - } - - public function checkGrantRole($uid, $group, $role) - { - if (!$this->USER->isInGroup($uid, $group)) { - return false; - } - - if (!$this->SQL->roleAvailableInGroup($uid, $group, $role)) { - return false; - } - - $user_role = $this->SQL->getRole($uid, $group); - - if ( - $this->SQL->hasPerm($user_role, "unity.admin_no_grant") && - $role == "unity.admin" - ) { - return false; - } - - if ( - $this->SQL->hasPerm($user_role, "unity.admin") || - $this->SQL->hasPerm($user_role, "unity.admin_no_grant") - ) { - return true; - } - - if (!$this->SQL->hasPerm($user_role, "unity.grant_role")) { - return false; - } - - $role_to_grant = $this->SQL->getRole($role, $group); - - if ( - $this->SQL->getPriority($role_to_grant) >= - 
$this->SQL->getPriority($user_role) - ) { - return false; - } - - return true; - } - - public function checkRevokeRole($uid, $group, $role) - { - if (!$this->USER->isInGroup($uid, $group)) { - return false; - } - - if (!$this->SQL->roleAvailableInGroup($uid, $group, $role)) { - return false; - } - - $user_role = $this->SQL->getRole($uid, $group); - - if ( - $this->SQL->hasPerm($user_role, "unity.admin_no_grant") && - $role == "unity.admin" - ) { - return false; - } - - if ( - $this->SQL->hasPerm($user_role, "unity.admin") || - $this->SQL->hasPerm($user_role, "unity.admin_no_grant") - ) { - return true; - } - - if (!$this->SQL->hasPerm($user_role, "unity.revoke_role")) { - return false; - } - - $role_to_revoke = $this->SQL->getRole($role, $group); - - if ( - $this->SQL->getPriority($role_to_revoke) >= - $this->SQL->getPriority($user_role) - ) { - return false; - } - - return true; - } -} diff --git a/resources/lib/UnitySQL.php b/resources/lib/UnitySQL.php index b5a69106..3fcc5eac 100644 --- a/resources/lib/UnitySQL.php +++ b/resources/lib/UnitySQL.php @@ -11,12 +11,6 @@ class UnitySQL private const TABLE_PAGES = "pages"; private const TABLE_AUDIT_LOG = "audit_log"; private const TABLE_ACCOUNT_DELETION_REQUESTS = "account_deletion_requests"; - private const TABLE_GROUP_ROLES = "groupRoles"; - private const TABLE_GROUP_TYPES = "groupTypes"; - private const TABLE_GROUP_ROLE_ASSIGNMENTS = "groupRoleAssignments"; - private const TABLE_GROUP_REQUESTS = "groupRequests"; - private const TABLE_GROUP_JOIN_REQUESTS = "groupJoinRequests"; - // FIXME this string should be changed to something more intuitive, requires production change public const REQUEST_BECOME_PI = "admin"; 
@@ -339,72 +333,4 @@ public function deleteAccountDeletionRequest($uid)
 $stmt->bindParam(":uid", $uid);
 $stmt->execute();
 }
-
- public function getRole($uid, $group)
- {
- $table = self::TABLE_GROUP_ROLE_ASSIGNMENTS;
- $stmt = $this->conn->prepare(
- "SELECT * FROM $table WHERE user=:uid AND `group`=:group",
- );
- $stmt->bindParam(":uid", $uid);
- $stmt->bindParam(":group", $group);
-
- $stmt->execute();
-
- return $stmt->fetchAll()[0]["role"];
- }
-
- public function hasPerm($role, $perm)
- {
- $stmt = $this->conn->prepare(
- "SELECT * FROM " . self::TABLE_GROUP_ROLES . " WHERE slug=:role",
- );
- $stmt->bindParam(":role", $role);
-
- $stmt->execute();
-
- $row = $stmt->fetchAll()[0];
- $perms = explode(",", $row["perms"]);
- return in_array($perm, $perms);
- }
-
- public function getPriority($role)
- {
- $stmt = $this->conn->prepare(
- "SELECT * FROM " . self::TABLE_GROUP_ROLES . " WHERE slug=:role",
- );
- $stmt->bindParam(":role", $role);
-
- $stmt->execute();
-
- $row = $stmt->fetchAll()[0];
- return $row["priority"];
- }
-
- public function roleAvailableInGroup($uid, $group, $role)
- {
- $table = self::TABLE_GROUP_ROLE_ASSIGNMENTS;
- $stmt = $this->conn->prepare(
- "SELECT * FROM $table WHERE user=:uid AND `group`=:group",
- );
- $stmt->bindParam(":uid", $uid);
- $stmt->bindParam(":group", $group);
-
- $stmt->execute();
- $row = $stmt->fetchAll()[0];
-
- $group_slug = $row["group"];
-
- $stmt = $this->conn->prepare(
- "SELECT * FROM " . self::TABLE_GROUP_TYPES . " WHERE slug=:slug",
- );
-
- $stmt->bindParam(":slug", $group_slug);
- $stmt->execute();
-
- $row = $stmt->fetchAll()[0];
- $roles = explode(",", $row["roles"]);
-
- return in_array($role, $roles);
- }
 }
diff --git a/tools/docker-dev/sql/bootstrap.sql b/tools/docker-dev/sql/bootstrap.sql
index 2b2f7bf3..d8c6ac8d 100644
--- a/tools/docker-dev/sql/bootstrap.sql
+++ b/tools/docker-dev/sql/bootstrap.sql
@@ -75,80 +75,6 @@ DELIMITER ; -- -------------------------------------------------------- --- --- Table structure for table `groupJoinRequests` --- - -CREATE TABLE `groupJoinRequests` ( - `id` int(11) NOT NULL, - `group_name` varchar(768) NOT NULL, - `requestor` varchar(768) NOT NULL, - `requested_on` timestamp NOT NULL DEFAULT current_timestamp() -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - --- --- Table structure for table `groupRequests` --- - -CREATE TABLE `groupRequests` ( - `id` int(11) NOT NULL, - `group_type` varchar(768) NOT NULL, - `group_name` varchar(768) NOT NULL, - `requestor` varchar(128) NOT NULL, - `requested_on` timestamp NOT NULL DEFAULT current_timestamp(), - `start_date` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00', - `end_date` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - --- --- Table structure for table `groupRoleAssignments` --- - -CREATE TABLE `groupRoleAssignments` ( - `id` int(11) NOT NULL, - `user` varchar(128) NOT NULL, - `role` varchar(768) NOT NULL, - `group` varchar(768) NOT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - --- --- Table structure for table `groupRoles` --- - -CREATE TABLE `groupRoles` ( - `id` int(11) NOT NULL, - `name` varchar(768) NOT NULL, - `slug` varchar(768) NOT NULL, - `priority` int(11) NOT NULL, - `color` varchar(768) NOT NULL, - `perms` varchar(768) NOT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - --- --- Table structure for table `groupTypes` --- - -CREATE TABLE `groupTypes` ( - `id` int(11) NOT NULL, - `name` varchar(768) NOT NULL, - `slug` varchar(768) NOT NULL, - `color` varchar(768) NOT NULL, 
- `time_limited` tinyint(1) NOT NULL, - `def_role` varchar(768) NOT NULL, - `av_roles` varchar(768) NOT NULL, - `can_request` tinyint(1) NOT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - -- -- Table structure for table `notices` -- @@ -223,36 +149,6 @@ ALTER TABLE `account_deletion_requests` ALTER TABLE `audit_log` ADD PRIMARY KEY (`id`); --- --- Indexes for table `groupJoinRequests` --- -ALTER TABLE `groupJoinRequests` - ADD PRIMARY KEY (`id`); - --- --- Indexes for table `groupRequests` --- -ALTER TABLE `groupRequests` - ADD PRIMARY KEY (`id`); - --- --- Indexes for table `groupRoleAssignments` --- -ALTER TABLE `groupRoleAssignments` - ADD PRIMARY KEY (`id`); - --- --- Indexes for table `groupRoles` --- -ALTER TABLE `groupRoles` - ADD PRIMARY KEY (`id`); - --- --- Indexes for table `groupTypes` --- -ALTER TABLE `groupTypes` - ADD PRIMARY KEY (`id`); - -- -- Indexes for table `notices` -- @@ -287,36 +183,6 @@ ALTER TABLE `account_deletion_requests` ALTER TABLE `audit_log` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; --- --- AUTO_INCREMENT for table `groupJoinRequests` --- -ALTER TABLE `groupJoinRequests` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; - --- --- AUTO_INCREMENT for table `groupRequests` --- -ALTER TABLE `groupRequests` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; - --- --- AUTO_INCREMENT for table `groupRoleAssignments` --- -ALTER TABLE `groupRoleAssignments` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; - --- --- AUTO_INCREMENT for table `groupRoles` --- -ALTER TABLE `groupRoles` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; - --- --- AUTO_INCREMENT for table `groupTypes` --- -ALTER TABLE `groupTypes` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; - -- -- AUTO_INCREMENT for table `notices` --