Commit af51e825 authored by Jan-Hendrik Willms's avatar Jan-Hendrik Willms

extend RolePersistence, fixes #2054

Closes #2054

Merge request studip/studip!1334
parent 549e6628
...@@ -22,7 +22,7 @@ class RolePersistence ...@@ -22,7 +22,7 @@ class RolePersistence
/** /**
* Returns all available roles. * Returns all available roles.
* *
* @return array Roles * @return Role[]|array{system: Role[], other: Role[]}
*/ */
public static function getAllRoles(bool $grouped = false): array public static function getAllRoles(bool $grouped = false): array
{ {
...@@ -111,7 +111,7 @@ class RolePersistence ...@@ -111,7 +111,7 @@ class RolePersistence
* *
* @param Role $role * @param Role $role
*/ */
public static function deleteRole($role) public static function deleteRole($role): bool
{ {
$id = $role->getRoleid(); $id = $role->getRoleid();
$name = $role->getRolename(); $name = $role->getRolename();
...@@ -121,7 +121,7 @@ class RolePersistence ...@@ -121,7 +121,7 @@ class RolePersistence
$statement->execute([$id]); $statement->execute([$id]);
$statement->setFetchMode(PDO::FETCH_COLUMN, 0); $statement->setFetchMode(PDO::FETCH_COLUMN, 0);
DBManager::get()->execute( $result = DBManager::get()->execute(
"DELETE `roles`, `roles_user`, `roles_plugins`, `roles_studipperms` "DELETE `roles`, `roles_user`, `roles_plugins`, `roles_studipperms`
FROM `roles` FROM `roles`
LEFT JOIN `roles_user` USING (`roleid`) LEFT JOIN `roles_user` USING (`roleid`)
...@@ -131,6 +131,10 @@ class RolePersistence ...@@ -131,6 +131,10 @@ class RolePersistence
[$id] [$id]
); );
if ($result === 0) {
return false;
}
// sweep roles cache // sweep roles cache
self::expireRolesCache(); self::expireRolesCache();
self::expireUserCache(); self::expireUserCache();
...@@ -140,6 +144,27 @@ class RolePersistence ...@@ -140,6 +144,27 @@ class RolePersistence
} }
NotificationCenter::postNotification('RoleDidDelete', $id, $name); NotificationCenter::postNotification('RoleDidDelete', $id, $name);
return true;
}
/**
* Delete role by name if not a permanent role. System roles cannot be
* deleted.
*
* @param string $role_name
*
* @return bool
*/
public static function deleteRoleByName(string $role_name): bool
{
foreach (self::getAllRoles() as $role) {
if ($role->getRolename() === $role_name) {
return self::deleteRole($role);
}
}
return false;
} }
/** /**
...@@ -174,6 +199,44 @@ class RolePersistence ...@@ -174,6 +199,44 @@ class RolePersistence
); );
} }
/**
* Assigns a role to a stud.ip permission. System roles cannot be assigned
* to permissions.
*
* @param string $perm
* @param Role $role
*
* @return bool
* @throws Exception
*/
public static function assignRoleToPerm(string $perm, Role $role): bool
{
if ($role->getSystemtype()) {
throw new Exception('Cannot assign system roles to permissions.');
}
if (!in_array($perm, ['user', 'autor', 'tutor', 'dozent', 'admin', 'root'])) {
throw new Exception("Invalid permission {$perm}");
}
$query = "INSERT INTO `roles_studipperms` (`roleid`, `permname`)
VALUES (?, ?)";
$result = DBManager::get()->execute($query, [$role->getRoleid(), $perm]);
if ($result === 0) {
return false;
}
User::findEachByPerms(
function (User $user) {
self::expireUserCache($user->id);
},
$perm
);
return true;
}
/** /**
* Gets all assigned roles from the database for a user * Gets all assigned roles from the database for a user
* *
...@@ -307,6 +370,46 @@ class RolePersistence ...@@ -307,6 +370,46 @@ class RolePersistence
); );
} }
/**
* Removes a role from a stud.ip permission. System roles cannot be removed
* from permissions.
*
* @param string $perm
* @param Role $role
*
* @return bool
* @throws Exception
*/
public static function deleteRoleAssignmentFromPerm(string $perm, Role $role): bool
{
if ($role->getSystemtype()) {
throw new Exception('Cannot remove system role assignment from permissions.');
}
if (!in_array($perm, ['user', 'autor', 'tutor', 'dozent', 'admin', 'root'])) {
throw new Exception("Invalid permission {$perm}");
}
$query = "DELETE FROM `roles_studipperms`
WHERE `roleid` = ?
AND `permname` = ?";
$result = DBManager::get()->execute($query, [$role->getRoleid(), $perm]);
if ($result === 0) {
return false;
}
User::findEachByPerms(
function (User $user) {
self::expireUserCache($user->id);
},
$perm
);
return true;
}
/** /**
* Get's all Role-Assignments for a certain user. * Get's all Role-Assignments for a certain user.
* If no user is set, all role assignments are returned. * If no user is set, all role assignments are returned.
......
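Review bot: `deleteRoleByName()` documents "System roles cannot be deleted", but the visible code never checks `getSystemtype()`: it walks `self::getAllRoles()` (ungrouped, so presumably system roles are included) and passes the first name match straight to `deleteRole()`. Part of `deleteRole()` lies between hunks, so a guard may exist there; if it does not, add one in the loop, e.g. `if ($role->getSystemtype()) { return false; }` before `return self::deleteRole($role);`, matching the checks in `assignRoleToPerm()` and `deleteRoleAssignmentFromPerm()`. Those two methods change role membership for every user at a permission level yet post no notification, unlike `deleteRole()` with `RoleDidDelete`; an equivalent event or log entry would make such privilege changes auditable. The `in_array()` allow-list checks in both methods would also be stricter with `true` as the third argument.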