PageRenderTime 68ms CodeModel.GetById 28ms RepoModel.GetById 1ms app.codeStats 0ms

/include/engine/shPermissions.class.php

https://bitbucket.org/k_shehadeh/filenexus
PHP | 877 lines | 665 code | 78 blank | 134 comment | 153 complexity | adc5bc9e7f68b1c4b97d2e5a711f832c MD5 | raw file
Possible License(s): GPL-3.0
  1. <?php
  2. /*
  3. * Nexus is a web-based file management application.
  4. * Copyright (C) Karim Shehadeh
  5. *
  6. * This program is free software; you can redistribute it and/or
  7. * modify it under the terms of the GNU General Public License
  8. * as published by the Free Software Foundation; either version 2
  9. * of the License, or (at your option) any later version.
  10. *
  11. * This program is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with this program; if not, write to the Free Software
  18. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  19. */
  20. /**
  21. * @desc The permissions object stores all possible permissions for a single user
  22. * and is to be used in conjuction with the shCompanyGroupPair object
  23. */
  24. class shPermissions
  25. {
  26. // USER PERMISSIONS
  27. public $allowUserChangeSettings = false;
  28. public $allowUserAddFileBoxDocument = false;
  29. public $allowUserEditFileBoxDocument = false;
  30. public $allowUserDeleteFileBoxDocument = false;
  31. // DOMAIN PERMISSIONS
  32. public $allowDomainChangeSettings = false;
  33. public $allowDomainAddDocument = false;
  34. public $allowDomainEditDocument = false;
  35. public $allowDomainDeleteDocument = false;
  36. public $allowDomainAddGroup = false;
  37. public $allowDomainEditGroup = false;
  38. public $allowDomainDeleteGroup = false;
  39. public $allowDomainAddUser = false;
  40. public $allowDomainEditUser = false;
  41. public $allowDomainDeleteUser = false;
  42. public $allowDomainViewReports = false;
  43. public $allowDomainViewTrash = false;
  44. public $allowDomainRestoreTrash = false;
  45. public $allowDomainDeletePermanently = false;
  46. public $allowDomainSendGroupMail = false;
  47. // DOMAIN GROUP PERMISSIONS
  48. public $allowDomainGroupChangeSettings = false;
  49. public $allowDomainGroupAddDocument = false;
  50. public $allowDomainGroupEditDocument = false;
  51. public $allowDomainGroupDeleteDocument = false;
  52. public $allowDomainGroupAddUser = false;
  53. public $allowDomainGroupEditUser = false;
  54. public $allowDomainGroupDeleteUser = false;
  55. public $allowDomainGroupViewReports = false;
  56. public $allowDomainGroupViewTrash = false;
  57. public $allowDomainGroupRestoreTrash = false;
  58. public $allowDomainGroupDeletePermanently = false;
  59. public $allowDomainGroupSendGroupMail = false;
  60. // GLOBAL PERMISSIONS
  61. public $allowGlobalChangeSettings = false;
  62. public $allowGlobalAddCompany = false;
  63. public $allowGlobalEditCompany = false;
  64. public $allowGlobalDeleteCompany = false;
  65. public $allowGlobalAddDocument = false;
  66. public $allowGlobalEditDocument = false;
  67. public $allowGlobalDeleteDocument = false;
  68. public $allowGlobalAddGroup = false;
  69. public $allowGlobalEditGroup = false;
  70. public $allowGlobalDeleteGroup = false;
  71. public $allowGlobalAddUser = false;
  72. public $allowGlobalEditUser = false;
  73. public $allowGlobalDeleteUser = false;
  74. public $allowGlobalAddCategory = false;
  75. public $allowGlobalEditCategory = false;
  76. public $allowGlobalDeleteCategory = false;
  77. public $allowGlobalViewTrash = false;
  78. public $allowGlobalRestoreTrash = false;
  79. public $allowGlobalDeletePermanently = false;
  80. public $allowGlobalViewReports = false;
  81. public $allowGlobalFileBoxEditDocument = false;
  82. public $allowGlobalFileBoxDeleteDocument = false;
  83. public $allowGlobalSendGroupMail = false;
  84. /**
  85. * @desc Takes the data given in the array and sets the appropriate
  86. * variables in this object.
  87. * @param array $rowData An associative array where each key is a
  88. * permission field name in the user table and the value is that
  89. * permission value.
  90. */
  91. public function load ($rowData)
  92. {
  93. $vars = array_keys(get_object_vars($this));
  94. foreach ($rowData as $key=>$value)
  95. {
  96. if (in_array($key,$vars))
  97. {
  98. $this->$key = $value;
  99. }
  100. }
  101. }
  102. /**
  103. * @desc Takes the data stored in this object and adds it to the given
  104. * array as associative keys that match the permission field
  105. * names in theuser table.
  106. * @param array $rowData On output, contains permission information.
  107. */
  108. public function store(&$rowData)
  109. {
  110. $props = get_object_vars($this);
  111. foreach ($props as $key=>$value)
  112. {
  113. $rowData[$key] = $value;
  114. }
  115. }
  116. /**
  117. * Maps the list of permissions to an easy to read 'permission group'
  118. * like USER_TYPE_ADMIN or USER_TYPE_REGISTERED.
  119. * @return int Returns one of the USER_TYPE_XXX constants.
  120. */
  121. public function getPermissionGroup()
  122. {
  123. // GLOBAL PERMISSIONS
  124. $globalTrues = 0;
  125. $domainTrues = 0;
  126. $groupTrues = 0;
  127. $userTrues = 0;
  128. $globalAll = 0;
  129. $domainAll = 0;
  130. $groupAll = 0;
  131. $userAll = 0;
  132. $props = get_object_vars($this);
  133. foreach ($props as $key=>$value)
  134. {
  135. if (stripos($key,'allowGlobal') !== false)
  136. {
  137. $globalAll++;
  138. if ($value == true)
  139. {
  140. $globalTrues++;
  141. }
  142. }
  143. else if (stripos($key,'allowUser') !== false)
  144. {
  145. $userAll++;
  146. if ($value == true)
  147. {
  148. $userTrues++;
  149. }
  150. }
  151. else if (stripos($key,'allowDomainGroup') !== false)
  152. {
  153. $groupAll++;
  154. if ($value == true)
  155. {
  156. $groupTrues++;
  157. }
  158. }
  159. else if (stripos($key,'allowDomain') !== false)
  160. {
  161. $domainAll++;
  162. if ($value == true)
  163. {
  164. $domainTrues++;
  165. }
  166. }
  167. }
  168. //echo $globalTrues.'|'.$domainTrues.'|'.$userTrues.'|'.$groupTrues;
  169. //echo '<br>'.$globalAll.'|'.$domainAll.'|'.$userAll.'|'.$groupAll;
  170. if (($globalTrues + $domainTrues + $userTrues + $groupTrues) ==
  171. ($groupAll + $domainAll + $userAll + $globalAll))
  172. {
  173. return USER_TYPE_ADMIN;
  174. }
  175. if (($domainTrues + $groupTrues + $userTrues) ==
  176. ($groupAll + $domainAll + $userAll))
  177. {
  178. return USER_TYPE_DOMAIN_ADMIN;
  179. }
  180. if (($groupTrues + $userTrues) ==
  181. ($groupAll + $userAll))
  182. {
  183. return USER_TYPE_DOMAIN_GROUP_ADMIN;
  184. }
  185. if ($userTrues == $userAll)
  186. {
  187. return USER_TYPE_REGISTERED;
  188. }
  189. return USER_TYPE_CUSTOM;
  190. }
  191. public function isAllowed($action, $id)
  192. {
  193. $user = app()->getLoggedInUserObject();
  194. $auth = AUTH_NOOP;
  195. nx_fire_event('EVENT_AUTHORIZATION_NEEDED',array('action'=>$action,'id'=>$id,'auth'=>&$auth));
  196. if ($auth != AUTH_NOOP)
  197. {
  198. if ($auth == AUTH_ALLOW)
  199. {
  200. return true;
  201. }
  202. else if ($auth == AUTH_DENY)
  203. {
  204. return false;
  205. }
  206. }
  207. switch ($action)
  208. {
  209. case URLACTION_USERMANAGER:
  210. $permGroup = $this->getPermissionGroup();
  211. return ($permGroup == USER_TYPE_ADMIN ||
  212. $permGroup == USER_TYPE_DOMAIN_ADMIN ||
  213. $permGroup == USER_TYPE_DOMAIN_GROUP_ADMIN);
  214. case URLACTION_DOCMANAGER:
  215. $permGroup = $this->getPermissionGroup();
  216. return ($permGroup == USER_TYPE_ADMIN);
  217. case URLACTION_PLUGINS:
  218. {
  219. return ($this->getPermissionGroup() == USER_TYPE_ADMIN);
  220. }
  221. case URLACTION_SERVER_INFO:
  222. {
  223. if ($this->getPermissionGroup() == USER_TYPE_ADMIN)
  224. {
  225. return true;
  226. }
  227. return false;
  228. }
  229. case URLACTION_BROWSEBYCAT:
  230. {
  231. return true;
  232. }
  233. case URLACTION_MODUSER:
  234. {
  235. if ($id)
  236. {
  237. if ($this->allowGlobalEditUser)
  238. {
  239. return true;
  240. }
  241. else
  242. {
  243. if ($this->allowUserChangeSettings &&
  244. ($id == $user->get(PROP_USERNAME)))
  245. {
  246. // user can edit himself
  247. return true;
  248. }
  249. else
  250. {
  251. $userToView = new shUser;
  252. $userToView->set(PROP_USERNAME,$id);
  253. if ($userToView->load())
  254. {
  255. if ($this->allowDomainEditUser)
  256. {
  257. if ($userToView->getCompany()->get(PROP_ID) == $user->getCompany()->get(PROP_ID))
  258. {
  259. return true;
  260. }
  261. }
  262. else if ($this->allowDomainGroupEditUser)
  263. {
  264. if ($user->userHasMatchingDomain($userToView))
  265. {
  266. return true;
  267. }
  268. }
  269. }
  270. }
  271. }
  272. return false;
  273. }
  274. else
  275. {
  276. // If there are restrictions regarding
  277. // *where* the user can be added, that
  278. // will be handled in the form object.
  279. $val =
  280. $this->allowDomainAddUser ||
  281. $this->allowDomainGroupAddUser ||
  282. $this->allowGlobalAddUser;
  283. return $val;
  284. }
  285. }
  286. case URLACTION_MODCAT:
  287. {
  288. if ($id)
  289. {
  290. // Editing category
  291. if ($this->allowGlobalEditCategory)
  292. {
  293. return true;
  294. }
  295. else if ($this->getPermissionGroup() == USER_TYPE_DOMAIN_ADMIN)
  296. {
  297. return shAuthorize::canViewCategory($user->get(PROP_USERNAME),$id);
  298. }
  299. else if ($this->getPermissionGroup() == USER_TYPE_DOMAIN_GROUP_ADMIN)
  300. {
  301. $cat = new shCategory;
  302. if ($cat->loadId($id))
  303. {
  304. return $cat->doesDomainHaveAccess($user->getCompany()->id,$user->getGroup()->id);
  305. }
  306. }
  307. return false;
  308. }
  309. else
  310. {
  311. // Adding category
  312. return $this->allowGlobalAddCategory;
  313. }
  314. }
  315. case URLACTION_VIEWDOC:
  316. if ($id != '')
  317. {
  318. return shAuthorize::canViewDocument($user->get(PROP_USERNAME),$id);
  319. }
  320. else
  321. {
  322. // Displaying the list of docuements so allow - the lister will
  323. // handle filtering out those documents that the user can't see.
  324. return true;
  325. }
  326. case URLACTION_MODDOC:
  327. {
  328. if ($id)
  329. {
  330. // Editing document
  331. if ($this->allowGlobalEditDocument)
  332. {
  333. return true;
  334. }
  335. else if ($this->allowDomainEditDocument)
  336. {
  337. // check to see if this document
  338. // is in the domain.
  339. return shAuthorize::canDomainViewDocument(
  340. $id,
  341. $user->getCompany()->get(PROP_ID),
  342. 0);
  343. }
  344. else if ($this->allowDomainGroupEditDocument)
  345. {
  346. // check to see if this document
  347. // is in the group domain
  348. return shAuthorize::canDomainViewDocument(
  349. $id,
  350. $user->getCompany()->get(PROP_ID),
  351. $user->getGroup()->get(PROP_ID));
  352. }
  353. else
  354. {
  355. return false;
  356. }
  357. }
  358. else
  359. {
  360. // Restrictions to location handled
  361. // in form code.
  362. return $this->allowDomainAddDocument ||
  363. $this->allowDomainGroupAddDocument ||
  364. $this->allowGlobalAddDocument;
  365. }
  366. }
  367. case URLACTION_MODCOMPANY:
  368. {
  369. if ($id)
  370. {
  371. if (($this->getPermissionGroup() == USER_TYPE_DOMAIN_ADMIN) &&
  372. ($id == $user->getCompany()->get(PROP_ID)))
  373. {
  374. return true;
  375. }
  376. else
  377. {
  378. return $this->allowGlobalEditCompany;
  379. }
  380. }
  381. else
  382. {
  383. return $this->allowGlobalAddCompany;
  384. }
  385. }
  386. case URLACTION_MODGROUP:
  387. {
  388. if ($id)
  389. {
  390. if ($this->allowGlobalEditGroup)
  391. {
  392. return true;
  393. }
  394. else if ($this->allowDomainEditGroup)
  395. {
  396. // Is this group tied to the user's company
  397. // or is it one of the free groups that
  398. // can be used by any company. If the
  399. // latter is true, then the user cannot
  400. // edit it.
  401. $group = new shGroup;
  402. $group->set(PROP_ID,$id);
  403. if ($group->load())
  404. {
  405. if ($group->get(PROP_COMPANY_ID) == $user->getCompany()->get(PROP_ID))
  406. {
  407. return true;
  408. }
  409. }
  410. }
  411. }
  412. else
  413. {
  414. // Appropriate restrictions will be placed on the new group
  415. // in the form object code.
  416. return ($this->allowGlobalAddGroup || $this->allowDomainAddGroup);
  417. }
  418. }
  419. case URLACTION_MOD_POOL:
  420. {
  421. if ($id)
  422. {
  423. if ($this->allowGlobalFileBoxEditDocument)
  424. {
  425. // Global permissions to edit any filebox doc
  426. return true;
  427. }
  428. else if ($this->allowUserEditFileBoxDocument)
  429. {
  430. $fileboxDocument = new shPoolItem;
  431. $fileboxDocument->loadId($id);
  432. if ($fileboxDocument->get(PROP_USERNAME) ==
  433. $user->get(PROP_USERNAME))
  434. {
  435. // Can edit own filebox documents
  436. return true;
  437. }
  438. else
  439. {
  440. return false;
  441. }
  442. }
  443. }
  444. else
  445. {
  446. // Users can always add their own filebox documents.
  447. return $this->allowUserAddFileBoxDocument;
  448. }
  449. }
  450. case URLACTION_DELUSER:
  451. {
  452. if ($this->allowGlobalDeleteUser)
  453. {
  454. return true;
  455. }
  456. else if ($this->allowDomainDeleteUser || $this->allowDomainGroupDeleteUser)
  457. {
  458. $userToDelete = new shUser;
  459. $userToDelete->set(PROP_USERNAME,$id);
  460. if ($userToDelete->load())
  461. {
  462. if ($this->allowDomainDeleteUser)
  463. {
  464. // Domain admins can delete users in their own company
  465. if ($userToDelete->getCompany()->get(PROP_ID) == $user->getCompany()->get(PROP_ID))
  466. {
  467. return true;
  468. }
  469. }
  470. else if ($this->allowDomainGroupDeleteUser)
  471. {
  472. // Domain group admins can delete users in their company and group
  473. if (($userToDelete->getCompany()->get(PROP_ID) == $user->getCompany()->get(PROP_ID)) &&
  474. ($userToDelete->getGroup()->get(PROP_ID) == $user->getGroup()->get(PROP_ID)))
  475. {
  476. return true;
  477. }
  478. }
  479. }
  480. }
  481. return false;
  482. }
  483. case URLACTION_DELCAT:
  484. {
  485. if ($this->allowGlobalDeleteCategory)
  486. {
  487. return true;
  488. }
  489. return false;
  490. }
  491. case URLACTION_DELDOC:
  492. {
  493. if ($this->allowGlobalDeleteDocument)
  494. {
  495. return true;
  496. }
  497. else if ($this->allowDomainDeleteDocument)
  498. {
  499. // check to see if this document
  500. // is in the domain.
  501. return shAuthorize::canDomainViewDocument(
  502. $id,
  503. $user->getCompany()->get(PROP_ID),
  504. 0);
  505. }
  506. else if ($this->allowDomainGroupDeleteDocument)
  507. {
  508. // check to see if this document
  509. // is in the group domain
  510. return shAuthorize::canDomainViewDocument(
  511. $id,
  512. $user->getCompany()->get(PROP_ID),
  513. $user->getGroup()->get(PROP_ID));
  514. }
  515. return false;
  516. }
  517. case URLACTION_DELCOMPANY:
  518. {
  519. return $this->allowGlobalDeleteCompany;
  520. }
  521. case URLACTION_DELGROUP:
  522. {
  523. return $this->allowGlobalDeleteGroup;
  524. }
  525. case URLACTION_DELPOOLITEM:
  526. if ($this->allowGlobalFileBoxDeleteDocument)
  527. {
  528. return true;
  529. }
  530. else
  531. {
  532. return shAuthorize::canDeletePoolItem
  533. ($user->get(PROP_USERNAME), $id);
  534. }
  535. case URLACTION_VIEWTRASH:
  536. {
  537. if ($this->allowGlobalViewTrash ||
  538. $this->allowDomainViewTrash ||
  539. $this->allowDomainGroupViewTrash)
  540. {
  541. // View code will handle filtering out items
  542. // that are not available to the current user.
  543. return true;
  544. }
  545. }
  546. case URLACTION_EMPTYTRASH:
  547. {
  548. if ($this->allowGlobalDeletePermanently ||
  549. $this->allowDomainDeletePermanently ||
  550. $this->allowDomainGroupDeletePermanently)
  551. {
  552. // View code will handle filtering out items
  553. // that are not available to the current user.
  554. return true;
  555. }
  556. }
  557. case URLACTION_RESTORE:
  558. {
  559. if ($this->allowGlobalRestoreTrash ||
  560. $this->allowDomainRestoreTrash ||
  561. $this->allowDomainGroupRestoreTrash)
  562. {
  563. // View code will handle filtering out items
  564. // that are not available to the current user.
  565. return true;
  566. }
  567. }
  568. case URLACTION_VIEWCAT:
  569. // This will be limited in the code that displays
  570. // files for this category.
  571. return true;
  572. case URLACTION_VIEWCOMPANY:
  573. if ($this->allowGlobalEditCompany)
  574. {
  575. return true;
  576. }
  577. else if ($this->getPermissionGroup() == USER_TYPE_DOMAIN_ADMIN)
  578. {
  579. if ($user->getCompany()->get(PROP_ID) == $id)
  580. {
  581. return true;
  582. }
  583. }
  584. return false;
  585. case URLACTION_VIEWGROUP:
  586. if ($id == 0 || $id == '')
  587. {
  588. // Trying to view all groups
  589. return $this->allowGlobalEditGroup;
  590. }
  591. else
  592. {
  593. if ($this->allowGlobalEditGroup)
  594. {
  595. return true;
  596. }
  597. else if ($this->allowDomainEditGroup)
  598. {
  599. // The user has the ability to edit groups
  600. // in a domain. Let's check to see if the group
  601. // is part of the current's user's organization
  602. $org = $user->getCompany();
  603. if ($org)
  604. {
  605. if ($org->findGroup($id))
  606. {
  607. // The group is part of the organization
  608. // so go ahead and allow this view.
  609. return true;
  610. }
  611. }
  612. }
  613. else if ($this->allowDomainGroupEditGroup)
  614. {
  615. if ($user->getGroup()->get(PROP_ID) == $id)
  616. {
  617. return true;
  618. }
  619. }
  620. }
  621. return false;
  622. case URLACTION_VIEWATTRIB:
  623. // This lists information about the attribute (tag). We
  624. // allow it for anyone and just have the code that displays
  625. // handle hiding info that isn't available to the user.
  626. return true;
  627. case URLACTION_VIEWUSER:
  628. if ($id == '')
  629. {
  630. if ($this->allowGlobalEditUser ||
  631. $this->allowDomainGroupEditUser ||
  632. $this->allowDomainEditUser)
  633. {
  634. // The lister will filter out users
  635. // which this user cannot see.
  636. return true;
  637. }
  638. else
  639. {
  640. return false;
  641. }
  642. }
  643. else
  644. {
  645. return $this->isAllowed (URLACTION_MODUSER,$id);
  646. }
  647. case URLACTION_SENDMAIL_TO_GROUP:
  648. // The form will restrict to which group
  649. // mail can be sent.
  650. return ($this->allowDomainSendGroupMail ||
  651. $this->allowDomainGroupSendGroupMail ||
  652. $this->allowGlobalSendGroupMail);
  653. case URLACTION_VIEWMOD:
  654. // the lister for this data will filter out
  655. // inaccessible items.
  656. return $this->allowGlobalViewReports ||
  657. $this->allowDomainViewReports ||
  658. $this->allowDomainGroupViewReports;
  659. case URLACTION_VIEWUSAGE:
  660. // the lister for this data will filter out
  661. // inaccessible items.
  662. return $this->allowGlobalViewReports ||
  663. $this->allowDomainViewReports ||
  664. $this->allowDomainGroupViewReports;
  665. case URLACTION_VIEWPOOL:
  666. if ($id == '')
  667. {
  668. // Anyone can view the item pool though only admin
  669. // users will be able to see items thatuploaded
  670. // by others (handled elsewhere).
  671. return $this->allowUserAddFileBoxDocument ||
  672. $this->allowGlobalFileBoxEditDocument;
  673. }
  674. else
  675. {
  676. $permGroup = $this->getPermissionGroup();
  677. if ($permGroup == USER_TYPE_ADMIN)
  678. {
  679. // Super admin can see anything
  680. return true;
  681. }
  682. else
  683. {
  684. // Users can only see their own filebox documents or
  685. // filebox that are shared with them.
  686. $username = $user->get(PROP_USERNAME);
  687. if (shAuthorize::canDownloadPoolItem($username,$id))
  688. {
  689. return true;
  690. }
  691. else
  692. {
  693. return false;
  694. }
  695. }
  696. }
  697. case URLACTION_VIEWBIN:
  698. // Anyone can view the bin
  699. return true;
  700. case URLACTION_BROWSELIBRARY:
  701. return true;
  702. case URLACTION_BROWSEBYORG:
  703. return $this->allowGlobalEditCompany &&
  704. $this->allowGlobalEditGroup;
  705. case URLACTION_SETTINGS:
  706. return $this->allowGlobalChangeSettings;
  707. case URLACTION_PURGEHISTORY:
  708. return $this->allowGlobalChangeSettings;
  709. default:
  710. return true;
  711. }
  712. }
  713. }
  714. /**
  715. * @desc Creates a permissions object that allows the user
  716. * to do anything in the system (super admin)
  717. * @return shPermissions Returns permissions object with correctly
  718. * set permissions
  719. */
  720. function makeSuperAdminPermissions()
  721. {
  722. $perm = new shPermissions;
  723. $props = get_object_vars($perm);
  724. foreach ($props as $key=>$value)
  725. {
  726. $perm->$key = true;
  727. }
  728. return $perm;
  729. }
  730. /**
  731. * @desc Creates a permissions object that allows the user
  732. * to do anything in his own group (group admin)
  733. * @return shPermissions Returns permissions object with correctly
  734. * set permissions
  735. */
  736. function makeGroupAdminPermissions()
  737. {
  738. $perm = new shPermissions;
  739. $props = get_object_vars($perm);
  740. foreach ($props as $key=>$value)
  741. {
  742. if (stripos($key,'allowUser') !== false)
  743. {
  744. $perm->$key = true;
  745. }
  746. else if (stripos($key,'allowDomainGroup') !== false)
  747. {
  748. $perm->$key = true;
  749. }
  750. }
  751. return $perm;
  752. }
  753. /**
  754. * @desc Creates a permissions object that allows the user
  755. * to do anything in his own company (org admin)
  756. * @return shPermissions Returns permissions object with correctly
  757. * set permissions
  758. */
  759. function makeDomainAdminPermissions()
  760. {
  761. $perm = new shPermissions;
  762. $props = get_object_vars($perm);
  763. foreach ($props as $key=>$value)
  764. {
  765. if (stripos($key,'allowUser') !== false)
  766. {
  767. $perm->$key = true;
  768. }
  769. else if (stripos($key,'allowDomainGroup') !== false)
  770. {
  771. $perm->$key = true;
  772. }
  773. else if (stripos($key,'allowDomain') !== false)
  774. {
  775. $perm->$key = true;
  776. }
  777. }
  778. return $perm;
  779. }
  780. /**
  781. * @desc Creates a permissions object that allows the user
  782. * to have standard registered user permissions(registered user)
  783. * @return shPermissions Returns permissions object with correctly
  784. * set permissions
  785. */
  786. function makeUserPermissions()
  787. {
  788. $perm = new shPermissions;
  789. $props = get_object_vars($perm);
  790. foreach ($props as $key=>$value)
  791. {
  792. if (stripos($key,'allowUser') !== false)
  793. {
  794. $perm->$key = true;
  795. }
  796. }
  797. return $perm;
  798. }
  799. ?>