modules/permissions_api/permissions_api.module

<?php
// $Id: permissions_api.module,v 1.10 2009/06/16 12:13:41 ebeyrent Exp $

/**
 * @file
 * Provides functions for granting and revoking permissions for given roles
 */

/**
 * Helper function to grant permissions to a role.
 */
function permissions_grant_permissions($role_name, $new_permissions) {
  $permissions = array();
  $updated_permissions = '';
  $role = permissions_get_role($role_name);
  if (count($new_permissions) > 0) {
    // Fetch the permissions string for the given role id
    $permissions = permissions_get_permissions_for_role($role->name);
    // Check to see if there are existing permissions
    if(count($permissions) > 0) {
      // Add the new permissions if the role doesn't already have the permission
      foreach($new_permissions as $permission) {
        if(! in_array($permission, $permissions)) {
          $permissions[] = trim($permission);
        }
      }

      // rebuild the permission string
      $updated_permissions = join(', ', $permissions);
      db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
    }
    else{
      // No permissions have been set for this role, so we need to insert some
      foreach($new_permissions as $permission){
        $permissions[] = trim($permission);
      }
      // rebuild the permission string
      $updated_permissions = join(', ', $permissions);
      db_query("INSERT INTO {permission} (rid, perm, tid) VALUES(%d,'%s',%d)",$role->rid,$updated_permissions,0);       
    }
  }
  return;
}

/**
 * Helper function to revoke permissions from a role.
 */
function permissions_revoke_permissions($role_name, $new_permissions) {
  $permissions = array();
  $updated_permissions = '';
  $role = permissions_get_role($role_name);
  if (is_array($new_permissions)) {
    $permissions = permissions_get_permissions_for_role($role->name);
    if (count($permissions) > 0) {
      // Unset the permission from the array
      foreach($new_permissions as $permission){
        $index = array_search($permission, $permissions);
        if($index !== false){
          unset($permissions[$index]);       
        }
      }
      
      // rebuild the permission string
      $updated_permissions = join(', ', $permissions);
      db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
    }
  }
  return;
}

/**
 * Helper function to grant all defined permissions to a given role
 */
function permissions_grant_all_permissions($role_name) {
  $updated_permissions = '';
  $all_permissions = array();
  $role = permissions_get_role($role_name);
  if($role->rid > 0){
    // Build a list of all the permissions defined by hook_perm
    foreach (module_list(FALSE, FALSE, TRUE) as $module) {
      if ($permissions = module_invoke($module, 'perm')) {
        asort($permissions);
        foreach ($permissions as $perm) {
         $all_permissions[] = $perm;
        }       
      }
    }
  }
  
  // Build the permissions string
  $updated_permissions = join(', ', $all_permissions);
  
  $perm_string = db_result(db_query("SELECT perm FROM {permission} WHERE rid = %d", $role->rid));
  
  // Check to see if there are existing permissions
  if (strlen($perm_string) > 0) {
    db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
  }
  else{
    db_query("INSERT INTO {permission} (rid, perm, tid) VALUES(%d,'%s',%d)",$role->rid,$updated_permissions,0);
  }
  
  return;
}

/**
 * Helper function to grant all permissions defined by a given module to a given role
 */
function permissions_grant_all_permissions_by_module($role_name, $module) {
  $updated_permissions = '';
  $permissions = array();
  $module_permissions = array();
  $role = permissions_get_role($role_name);
  if($role->rid > 0){
    // Fetch the permissions string for the given role id
    $permissions = permissions_get_permissions_for_role($role->name);
    
    // Check to see if there are existing permissions
    if (count($permissions) > 0) {
      // Build a list of all the permissions defined by hook_perm
      if ($module_permissions = module_invoke($module, 'perm')) {
        asort($module_permissions);
        foreach ($module_permissions as $perm) {
          if(! in_array($perm, $permissions)) { 
            $permissions[] = $perm;
          }  
        }
      }
      
      // Build the permissions string
      $updated_permissions = join(', ', $permissions);
      db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
    }
    else {
      // Build a list of all the permissions defined by hook_perm
      if ($module_permissions = module_invoke($module, 'perm')) {
        asort($module_permissions);
        foreach ($module_permissions as $perm) {
          $permissions[] = $perm;  
        }
      }
      
      // Build the permissions string
      $updated_permissions = join(', ', $permissions);
      db_query("INSERT INTO {permission} (rid, perm, tid) VALUES(%d,'%s',%d)",$role->rid,$updated_permissions,0);
    }
  }
 
  return;
}

function permissions_revoke_all_permissions_by_module($role_name, $module) {
  $updated_permissions = '';
  $permissions = array();
  $module_permissions = array();
  $role = permissions_get_role($role_name);
  if($role->rid > 0){
    // Fetch the permissions string for the given role id
    $permissions = permissions_get_permissions_for_role($role->name);
    
    // Check to see if there are existing permissions
    if (count($permissions) > 0) {
      // Build a list of all the permissions defined by hook_perm
      if ($module_permissions = module_invoke($module, 'perm')) {
        asort($module_permissions);
        foreach ($module_permissions as $perm) {
          $index = array_search($perm, $permissions);
          if($index >= 0){
            unset($permissions[$index]);       
          } 
        }
      }
      
      // Build the permissions string
      $updated_permissions = join(', ', $permissions);
      db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
    }
  }
  return;
}

/**
 * returns an array of permissions for a given role
 */
function permissions_get_permissions_for_role($role_name){
  $role = permissions_get_role($role_name);
  $permissions = array();
  if($role->rid > 0){
    $perm_string = db_result(db_query("SELECT perm FROM {permission} WHERE rid = %d", $role->rid));
    if (strlen($perm_string) > 0) {
      $permissions = explode(',', $perm_string);
      foreach($permissions as $index => $perm){
        $permissions[$index] = trim($perm);
      }
    }
  }
  return $permissions;  
}

/**
 * lookup the role by name
 */
function permissions_get_role($name) {
  $role = db_fetch_object(db_query("SELECT * FROM {role} r WHERE r.name = '%s'", $name));
  return $role;
}

/**
 * This function allows a role to inherit either all the permissions of another role
 */
function permissions_role_inherit($new_role, $orig_role) {
  $role = permissions_get_role($orig_role);
  if(! $role) {
    watchdog('permissions_api', 'Unable to inherit permissions from role; role doesn\'t exist');
    return false;
  }
  
  $clone = permissions_get_role($new_role);
  if(! $clone) {
    watchdog('permissions_api', 'Unable to inherit permissions into new role; role doesn\'t exist');
    return false;
  }
  
  // Inherit all of the permissions
  $role_permissions = permissions_get_permissions_for_role($role->name);
  if(! empty($role_permissions)) {
    permissions_grant_permissions($clone->name, $role_permissions);
  }
}
1	<?php
2	// $Id: permissions_api.module,v 1.10 2009/06/16 12:13:41 ebeyrent Exp $
3
4	/**
5	* @file
6	* Provides functions for granting and revoking permissions for given roles
7	*/
8
9	/**
10	* Helper function to grant permissions to a role.
11	*/
12	function permissions_grant_permissions($role_name, $new_permissions) {
13	$permissions = array();
14	$updated_permissions = '';
15	$role = permissions_get_role($role_name);
16	if (count($new_permissions) > 0) {
17	// Fetch the permissions string for the given role id
18	$permissions = permissions_get_permissions_for_role($role->name);
19	// Check to see if there are existing permissions
20	if(count($permissions) > 0) {
21	// Add the new permissions if the role doesn't already have the permission
22	foreach($new_permissions as $permission) {
23	if(! in_array($permission, $permissions)) {
24	$permissions[] = trim($permission);
25	}
26	}
27
28	// rebuild the permission string
29	$updated_permissions = join(', ', $permissions);
30	db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
31	}
32	else{
33	// No permissions have been set for this role, so we need to insert some
34	foreach($new_permissions as $permission){
35	$permissions[] = trim($permission);
36	}
37	// rebuild the permission string
38	$updated_permissions = join(', ', $permissions);
39	db_query("INSERT INTO {permission} (rid, perm, tid) VALUES(%d,'%s',%d)",$role->rid,$updated_permissions,0);
40	}
41	}
42	return;
43	}
44
45	/**
46	* Helper function to revoke permissions from a role.
47	*/
48	function permissions_revoke_permissions($role_name, $new_permissions) {
49	$permissions = array();
50	$updated_permissions = '';
51	$role = permissions_get_role($role_name);
52	if (is_array($new_permissions)) {
53	$permissions = permissions_get_permissions_for_role($role->name);
54	if (count($permissions) > 0) {
55	// Unset the permission from the array
56	foreach($new_permissions as $permission){
57	$index = array_search($permission, $permissions);
58	if($index !== false){
59	unset($permissions[$index]);
60	}
61	}
62
63	// rebuild the permission string
64	$updated_permissions = join(', ', $permissions);
65	db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
66	}
67	}
68	return;
69	}
70
71	/**
72	* Helper function to grant all defined permissions to a given role
73	*/
74	function permissions_grant_all_permissions($role_name) {
75	$updated_permissions = '';
76	$all_permissions = array();
77	$role = permissions_get_role($role_name);
78	if($role->rid > 0){
79	// Build a list of all the permissions defined by hook_perm
80	foreach (module_list(FALSE, FALSE, TRUE) as $module) {
81	if ($permissions = module_invoke($module, 'perm')) {
82	asort($permissions);
83	foreach ($permissions as $perm) {
84	$all_permissions[] = $perm;
85	}
86	}
87	}
88	}
89
90	// Build the permissions string
91	$updated_permissions = join(', ', $all_permissions);
92
93	$perm_string = db_result(db_query("SELECT perm FROM {permission} WHERE rid = %d", $role->rid));
94
95	// Check to see if there are existing permissions
96	if (strlen($perm_string) > 0) {
97	db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
98	}
99	else{
100	db_query("INSERT INTO {permission} (rid, perm, tid) VALUES(%d,'%s',%d)",$role->rid,$updated_permissions,0);
101	}
102
103	return;
104	}
105
106	/**
107	* Helper function to grant all permissions defined by a given module to a given role
108	*/
109	function permissions_grant_all_permissions_by_module($role_name, $module) {
110	$updated_permissions = '';
111	$permissions = array();
112	$module_permissions = array();
113	$role = permissions_get_role($role_name);
114	if($role->rid > 0){
115	// Fetch the permissions string for the given role id
116	$permissions = permissions_get_permissions_for_role($role->name);
117
118	// Check to see if there are existing permissions
119	if (count($permissions) > 0) {
120	// Build a list of all the permissions defined by hook_perm
121	if ($module_permissions = module_invoke($module, 'perm')) {
122	asort($module_permissions);
123	foreach ($module_permissions as $perm) {
124	if(! in_array($perm, $permissions)) {
125	$permissions[] = $perm;
126	}
127	}
128	}
129
130	// Build the permissions string
131	$updated_permissions = join(', ', $permissions);
132	db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
133	}
134	else {
135	// Build a list of all the permissions defined by hook_perm
136	if ($module_permissions = module_invoke($module, 'perm')) {
137	asort($module_permissions);
138	foreach ($module_permissions as $perm) {
139	$permissions[] = $perm;
140	}
141	}
142
143	// Build the permissions string
144	$updated_permissions = join(', ', $permissions);
145	db_query("INSERT INTO {permission} (rid, perm, tid) VALUES(%d,'%s',%d)",$role->rid,$updated_permissions,0);
146	}
147	}
148
149	return;
150	}
151
152	function permissions_revoke_all_permissions_by_module($role_name, $module) {
153	$updated_permissions = '';
154	$permissions = array();
155	$module_permissions = array();
156	$role = permissions_get_role($role_name);
157	if($role->rid > 0){
158	// Fetch the permissions string for the given role id
159	$permissions = permissions_get_permissions_for_role($role->name);
160
161	// Check to see if there are existing permissions
162	if (count($permissions) > 0) {
163	// Build a list of all the permissions defined by hook_perm
164	if ($module_permissions = module_invoke($module, 'perm')) {
165	asort($module_permissions);
166	foreach ($module_permissions as $perm) {
167	$index = array_search($perm, $permissions);
168	if($index >= 0){
169	unset($permissions[$index]);
170	}
171	}
172	}
173
174	// Build the permissions string
175	$updated_permissions = join(', ', $permissions);
176	db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
177	}
178	}
179	return;
180	}
181
182	/**
183	* returns an array of permissions for a given role
184	*/
185	function permissions_get_permissions_for_role($role_name){
186	$role = permissions_get_role($role_name);
187	$permissions = array();
188	if($role->rid > 0){
189	$perm_string = db_result(db_query("SELECT perm FROM {permission} WHERE rid = %d", $role->rid));
190	if (strlen($perm_string) > 0) {
191	$permissions = explode(',', $perm_string);
192	foreach($permissions as $index => $perm){
193	$permissions[$index] = trim($perm);
194	}
195	}
196	}
197	return $permissions;
198	}
199
200	/**
201	* lookup the role by name
202	*/
203	function permissions_get_role($name) {
204	$role = db_fetch_object(db_query("SELECT * FROM {role} r WHERE r.name = '%s'", $name));
205	return $role;
206	}
207
208	/**
209	* This function allows a role to inherit either all the permissions of another role
210	*/
211	function permissions_role_inherit($new_role, $orig_role) {
212	$role = permissions_get_role($orig_role);
213	if(! $role) {
214	watchdog('permissions_api', 'Unable to inherit permissions from role; role doesn\'t exist');
215	return false;
216	}
217
218	$clone = permissions_get_role($new_role);
219	if(! $clone) {
220	watchdog('permissions_api', 'Unable to inherit permissions into new role; role doesn\'t exist');
221	return false;
222	}
223
224	// Inherit all of the permissions
225	$role_permissions = permissions_get_permissions_for_role($role->name);
226	if(! empty($role_permissions)) {
227	permissions_grant_permissions($clone->name, $role_permissions);
228	}
229	}