Skip to content
Snippets Groups Projects
Commit af51e825 authored by Jan-Hendrik Willms's avatar Jan-Hendrik Willms
Browse files

extend RolePersistence, fixes #2054 

Closes #2054

Merge request studip/studip!1334
parent 549e6628
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/plugins/db/RolePersistence.class.php
+ 106
3
View file @ af51e825
......@@ -22,7 +22,7 @@ class RolePersistence
/**
* Returns all available roles.
*
* @return array Roles
* @return Role[]|array{system: Role[], other: Role[]}
*/
public static function getAllRoles(bool $grouped = false): array
{
......@@ -111,7 +111,7 @@ class RolePersistence
*
* @param Role $role
*/
public static function deleteRole($role)
public static function deleteRole($role): bool
{
$id = $role->getRoleid();
$name = $role->getRolename();
......@@ -121,7 +121,7 @@ class RolePersistence
$statement->execute([$id]);
$statement->setFetchMode(PDO::FETCH_COLUMN, 0);
DBManager::get()->execute(
$result = DBManager::get()->execute(
"DELETE `roles`, `roles_user`, `roles_plugins`, `roles_studipperms`
FROM `roles`
LEFT JOIN `roles_user` USING (`roleid`)
......@@ -131,6 +131,10 @@ class RolePersistence
[$id]
);
if ($result === 0) {
return false;
}
// sweep roles cache
self::expireRolesCache();
self::expireUserCache();
......@@ -140,6 +144,27 @@ class RolePersistence
}
NotificationCenter::postNotification('RoleDidDelete', $id, $name);
return true;
}
/**
* Delete role by name if not a permanent role. System roles cannot be
* deleted.
*
* @param string $role_name
*
* @return bool
*/
public static function deleteRoleByName(string $role_name): bool
{
foreach (self::getAllRoles() as $role) {
if ($role->getRolename() === $role_name) {
return self::deleteRole($role);
}
}
return false;
}
/**
......@@ -174,6 +199,44 @@ class RolePersistence
);
}
/**
* Assigns a role to a stud.ip permission. System roles cannot be assigned
* to permissions.
*
* @param string $perm
* @param Role $role
*
* @return bool
* @throws Exception
*/
public static function assignRoleToPerm(string $perm, Role $role): bool
{
if ($role->getSystemtype()) {
throw new Exception('Cannot assign system roles to permissions.');
}
if (!in_array($perm, ['user', 'autor', 'tutor', 'dozent', 'admin', 'root'])) {
throw new Exception("Invalid permission {$perm}");
}
$query = "INSERT INTO `roles_studipperms` (`roleid`, `permname`)
VALUES (?, ?)";
$result = DBManager::get()->execute($query, [$role->getRoleid(), $perm]);
if ($result === 0) {
return false;
}
User::findEachByPerms(
function (User $user) {
self::expireUserCache($user->id);
},
$perm
);
return true;
}
/**
* Gets all assigned roles from the database for a user
*
......@@ -307,6 +370,46 @@ class RolePersistence
);
}
/**
* Removes a role from a stud.ip permission. System roles cannot be removed
* from permissions.
*
* @param string $perm
* @param Role $role
*
* @return bool
* @throws Exception
*/
public static function deleteRoleAssignmentFromPerm(string $perm, Role $role): bool
{
if ($role->getSystemtype()) {
throw new Exception('Cannot remove system role assignment from permissions.');
}
if (!in_array($perm, ['user', 'autor', 'tutor', 'dozent', 'admin', 'root'])) {
throw new Exception("Invalid permission {$perm}");
}
$query = "DELETE FROM `roles_studipperms`
WHERE `roleid` = ?
AND `permname` = ?";
$result = DBManager::get()->execute($query, [$role->getRoleid(), $perm]);
if ($result === 0) {
return false;
}
User::findEachByPerms(
function (User $user) {
self::expireUserCache($user->id);
},
$perm
);
return true;
}
/**
* Get's all Role-Assignments for a certain user.
* If no user is set, all role assignments are returned.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment