<?php
/* vim: set tabstop=4 foldmethod=marker: */

# Class to retrieve and use permissions based on authorized user.
# PermAuth extends the PEAR::Auth class.  See
# http://pear.php.net/package/Auth for more information on the base
# class.
#	
# REQUIRES PHP version 5 or greater
#
# Addional options supported (see Auth documentation):
#     aPerms		- Perm definition=>value array;
#     permfield		- Name of field containing perms (default "perms")
#     permtable		- Name of table containing perms (default same as $options["table"] or "auth") 
#     permusercol	- Name of table field containing perm user (default same as $option["usernamecol"] or "username")
#
# Permissions are stored as strings in a comma-separated data field
# (permfield).
#
# PermAuth::getPerm()
#
# Synopsis:
#   
#   require_once("MDB.php");
#
#   array PermAuth::getPerm()
#
# Description:
#   
#   Returns an ordered array of the perm strings for the currently
#   logged-in user.
#
#
# PermAuth::hasPerm()
#
# Synopsis:
#
#   boolean PermAuth::hasPerm(string $testperm [, boolean $bitfield = True])
#
# Description:
#  
#   Determines whether the currently logged-in user has the permission
#   $testperm.  Two different methods are available to compute this.  If
#   $bitfield = True (the default), the permission values of the
#   current user (as defined in the $aPerms array) are ORed and the
#   result is ANDed with the perm value of $testperm.  If the result
#   is > 0, the method returns True, otherwise False.  If $bitfield is
#   False, the maximum permission value of the current user is
#   compared numerically with the value of $testperm.  If the current
#   user's max perm value is greater than or equal to the value of
#   $testperm, the method returns True, otherwise False.
#
#   If the perms array ($aPerms) assigns bitmasks with all bits set to
#   the defined perms (1, 3, 7, 15, etc.) these two methods are
#   equivalent.  If the defined perms contain numbers without respect
#   to bit positions (1, 2, 3, 4, 5 etc.) then the methods yield
#   different results.  Fairly complex permissions schema can be set
#   up using bitfields.
#
# Parameters:
#
#   string $testperm
#
#     Permission string against which to test the permissions of the
#     currently logged-in user.  $testperm should correspond to a key
#     in $aPerms, otherwise the method will always return False.
#
#   boolean $bitfield
#
#     If True, permissions are considered bitfields and a bitwise
#     comparison (logical AND) of $testperm with the ORed combination
#     of user perm values determines the return value of the method.
#     If $bitfield is False, the maximum user perm value is compared
#     numerically with $testperm to determine the result.
#   
# {{{ PermAuth class

require_once "Auth.php";
require_once "PEAR.php";
require_once "MDB2.php";

class PermAuth extends Auth {
	protected $aPerms;
	protected $permfield;
	protected $permtable;
	protected $permusernamecol;
	protected $dsn;
	private   $default_perms = array(
                            "user"       => 1,
                            "author"     => 2,
                            "editor"     => 4,
                            "supervisor" => 8,
                            "admin"      => 16
                          );
    # {{{ PermAuth Constructor
	function __construct($storageDriver, $options = "", $loginFunction = "", $showLogin = TRUE) {
		$this->dsn = $options["dsn"];
		if (isset($options["aPerms"])) { $this->aPerms = $options["aPerms"]; }
		else { $this->aPerms = $this->default_perms; }
		if (isset($options["permfield"])) { $this->permfield = $options["permfield"]; }
		else { $this->permfield = "perms"; }
		if (isset($options["permtable"])) { $this->permtable = $options["permtable"]; }
		elseif (isset($options["table"])) { $this->permtable = $options["table"]; }
		else { $this->permtable = "auth"; }
		if (isset($options["permusercol"])) { $this->permusernamecol = $options["permusercol"]; }
		elseif (isset($options["usernamecol"])) { $this->permusernamecol = $options["usernamecol"]; }
		else { $this->permusernamecol = "username"; }
		parent::__construct($storageDriver, $options, $loginFunction, $showLogin);
	}
    # }}}

    # {{{ PermAuth::getPerm
    # Return perm array for the currently logged in user
    #
    function getPerm() {
		$username = $this->getUsername();
		$mdb2 =& MDB2::factory($this->dsn);
		if (PEAR::isError($mdb2)) {
		    die("MDB2 Error: " . $mdb2->getMessage());
		}
		
		$query = "select ";
		$query .= $this->permfield;
		$query .= " from " . $this->permtable . " where ";
		$query .= $this->permusernamecol . "='" . $username . "'";
		$res =& $mdb2->query($query);
		if (PEAR::isError($res)) {
		    die("Query Error: " . $res->getMessage());
		}
		
		$allperm = $res->fetchOne(0);
		$auPerm = explode(",", $allperm);
        return $auPerm;
    }
    # }}}

    # {{{ PermAuth::hasPerm
	# determine whether or not the current user has a given perm
	function hasPerm($testperm, $bitcompare=True) {
		$auPerm = $this->getPerm();
		$pmask = 0;
        $qval = 0;
		foreach ($auPerm as $perm) {
			$pmask = $pmask | $this->aPerms[$perm];
            if ($this->aPerms[$perm] > $qval) $qval = $this->aPerms[$perm];
		}
		if (isset($this->aPerms[$testperm])) $tpval = $this->aPerms[$testperm];
		else return False;
        if ($bitcompare) {
		    return $tpval & $pmask ? True : False;
        } else {
            return $qval >= $tpval ? True : False;
        }   
	}
    # }}}
    
}	
# }}}
?>