From 28a7f380d0109958028850b61d104832148abcfe Mon Sep 17 00:00:00 2001 From: Simon Leary Date: Mon, 7 Apr 2025 14:44:02 -0400 Subject: [PATCH] remove generic group / perms code --- resources/lib/UnityPerms.php | 131 ---------------------------- resources/lib/UnitySQL.php | 71 --------------- resources/lib/UnityUser.php | 25 ------ tools/docker-dev/sql/bootstrap.sql | 134 ----------------------------- 4 files changed, 361 deletions(-) delete mode 100644 resources/lib/UnityPerms.php diff --git a/resources/lib/UnityPerms.php b/resources/lib/UnityPerms.php deleted file mode 100644 index e16a66de..00000000 --- a/resources/lib/UnityPerms.php +++ /dev/null @@ -1,131 +0,0 @@ -SQL = $SQL; - $this->USER = $USER; - } - - public function checkApproveUser($uid, $operated_on, $group) - { - if (!$this->USER->isInGroup($uid, $group)) { - return false; - } - - $role = $this->SQL->getRole($uid, $group); - - if ($this->SQL->hasPerm($role, 'unity.admin') || $this->SQL->hasPerm($role, 'unity.admin_no_grant')) { - return true; - } - - if (!$this->SQL->hasPerm($role, 'unity.approve_user')) { - return false; - } - - $operated_on_role = $this->SQL->getRole($operated_on, $group); - - if ($this->SQL->getPriority($operated_on_role) >= $this->SQL->getPriority($role)) { - return false; - } - - return true; - } - - public function checkDenyUser($uid, $operated_on, $group) - { - if (!$this->USER->isInGroup($uid, $group)) { - return false; - } - - $role = $this->SQL->getRole($uid, $group); - - if ($this->SQL->hasPerm($role, 'unity.admin') || $this->SQL->hasPerm($role, 'unity.admin_no_grant')) { - return true; - } - - if (!$this->SQL->hasPerm($role, 'unity.deny_user')) { - return false; - } - - $operated_on_role = $this->SQL->getRole($operated_on, $group); - - if ($this->SQL->getPriority($operated_on_role) >= $this->SQL->getPriority($role)) { - return false; - } - - return true; - } - - public function checkGrantRole($uid, $group, $role) - { - if (!$this->USER->isInGroup($uid, $group)) { - return false; - } - - if (!$this->SQL->roleAvailableInGroup($uid, $group, $role)) { - return false; - } - - $user_role = $this->SQL->getRole($uid, $group); - - if ($this->SQL->hasPerm($user_role, 'unity.admin_no_grant') && $role == 'unity.admin') { - return false; - } - - if ($this->SQL->hasPerm($user_role, 'unity.admin') || $this->SQL->hasPerm($user_role, 'unity.admin_no_grant')) { - return true; - } - - if (!$this->SQL->hasPerm($user_role, 'unity.grant_role')) { - return false; - } - - $role_to_grant = $this->SQL->getRole($role, $group); - - if ($this->SQL->getPriority($role_to_grant) >= $this->SQL->getPriority($user_role)) { - return false; - } - - return true; - } - - public function checkRevokeRole($uid, $group, $role) - { - if (!$this->USER->isInGroup($uid, $group)) { - return false; - } - - if (!$this->SQL->roleAvailableInGroup($uid, $group, $role)) { - return false; - } - - $user_role = $this->SQL->getRole($uid, $group); - - if ($this->SQL->hasPerm($user_role, 'unity.admin_no_grant') && $role == 'unity.admin') { - return false; - } - - if ($this->SQL->hasPerm($user_role, 'unity.admin') || $this->SQL->hasPerm($user_role, 'unity.admin_no_grant')) { - return true; - } - - if (!$this->SQL->hasPerm($user_role, 'unity.revoke_role')) { - return false; - } - - $role_to_revoke = $this->SQL->getRole($role, $group); - - if ($this->SQL->getPriority($role_to_revoke) >= $this->SQL->getPriority($user_role)) { - return false; - } - - return true; - } -} diff --git a/resources/lib/UnitySQL.php b/resources/lib/UnitySQL.php index 904ea2fd..5054cf0c 100644 --- a/resources/lib/UnitySQL.php +++ b/resources/lib/UnitySQL.php @@ -14,11 +14,6 @@ class UnitySQL private const TABLE_AUDIT_LOG = "audit_log"; private const TABLE_ACCOUNT_DELETION_REQUESTS = "account_deletion_requests"; private const TABLE_SITEVARS = "sitevars"; - private const TABLE_GROUP_ROLES = "groupRoles"; - private const TABLE_GROUP_TYPES = "groupTypes"; - private const TABLE_GROUP_ROLE_ASSIGNMENTS = "groupRoleAssignments"; - private const TABLE_GROUP_REQUESTS = "groupRequests"; - private const TABLE_GROUP_JOIN_REQUESTS = "groupJoinRequests"; private const REQUEST_ADMIN = "admin"; @@ -305,70 +300,4 @@ public function updateSiteVar($name, $value) $stmt->execute(); } - - public function getRole($uid, $group) - { - $stmt = $this->conn->prepare( - "SELECT * FROM " . self::TABLE_GROUP_ROLE_ASSIGNMENTS . " WHERE user=:uid AND `group`=:group" - ); - $stmt->bindParam(":uid", $uid); - $stmt->bindParam(":group", $group); - - $stmt->execute(); - - return $stmt->fetchAll()[0]['role']; - } - - public function hasPerm($role, $perm) - { - $stmt = $this->conn->prepare( - "SELECT * FROM " . self::TABLE_GROUP_ROLES . " WHERE slug=:role" - ); - $stmt->bindParam(":role", $role); - - $stmt->execute(); - - $row = $stmt->fetchAll()[0]; - $perms = explode(",", $row['perms']); - return in_array($perm, $perms); - } - - public function getPriority($role) - { - $stmt = $this->conn->prepare( - "SELECT * FROM " . self::TABLE_GROUP_ROLES . " WHERE slug=:role" - ); - $stmt->bindParam(":role", $role); - - $stmt->execute(); - - $row = $stmt->fetchAll()[0]; - return $row['priority']; - } - - public function roleAvailableInGroup($uid, $group, $role) - { - $stmt = $this->conn->prepare( - "SELECT * FROM " . self::TABLE_GROUP_ROLE_ASSIGNMENTS . " WHERE user=:uid AND `group`=:group" - ); - $stmt->bindParam(":uid", $uid); - $stmt->bindParam(":group", $group); - - $stmt->execute(); - $row = $stmt->fetchAll()[0]; - - $group_slug = $row['group']; - - $stmt = $this->conn->prepare( - "SELECT * FROM " . self::TABLE_GROUP_TYPES . " WHERE slug=:slug" - ); - - $stmt->bindParam(":slug", $group_slug); - $stmt->execute(); - - $row = $stmt->fetchAll()[0]; - $roles = explode(",", $row['roles']); - - return in_array($role, $roles); - } } diff --git a/resources/lib/UnityUser.php b/resources/lib/UnityUser.php index 4f88eac6..d2cc6d23 100644 --- a/resources/lib/UnityUser.php +++ b/resources/lib/UnityUser.php @@ -671,29 +671,4 @@ public function hasRequestedAccountDeletion() { return $this->SQL->accDeletionRequestExists($this->getUID()); } - - /** - * Checks whether a user is in a group or not - * @param string $uid uid of the user - * @param string or object $group group to check - * @return boolean true if user is in group, false if not - */ - - public function isInGroup($uid, $group) - { - if (gettype($group) == "string") { - $group_checked = new UnityGroup( - $group, - $this->LDAP, - $this->SQL, - $this->MAILER, - $this->REDIS, - $this->WEBHOOK - ); - } else { - $group_checked = $group; - } - - return in_array($uid, $group_checked->getGroupMemberUIDs()); - } } diff --git a/tools/docker-dev/sql/bootstrap.sql b/tools/docker-dev/sql/bootstrap.sql index 53fdbb0b..18e170fc 100644 --- a/tools/docker-dev/sql/bootstrap.sql +++ b/tools/docker-dev/sql/bootstrap.sql @@ -65,80 +65,6 @@ CREATE TABLE `events` ( -- -------------------------------------------------------- --- --- Table structure for table `groupJoinRequests` --- - -CREATE TABLE `groupJoinRequests` ( - `id` int(11) NOT NULL, - `group_name` varchar(768) NOT NULL, - `requestor` varchar(768) NOT NULL, - `requested_on` timestamp NOT NULL DEFAULT current_timestamp() -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - --- --- Table structure for table `groupRequests` --- - -CREATE TABLE `groupRequests` ( - `id` int(11) NOT NULL, - `group_type` varchar(768) NOT NULL, - `group_name` varchar(768) NOT NULL, - `requestor` varchar(128) NOT NULL, - `requested_on` timestamp NOT NULL DEFAULT current_timestamp(), - `start_date` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00', - `end_date` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - --- --- Table structure for table `groupRoleAssignments` --- - -CREATE TABLE `groupRoleAssignments` ( - `id` int(11) NOT NULL, - `user` varchar(128) NOT NULL, - `role` varchar(768) NOT NULL, - `group` varchar(768) NOT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - --- --- Table structure for table `groupRoles` --- - -CREATE TABLE `groupRoles` ( - `id` int(11) NOT NULL, - `name` varchar(768) NOT NULL, - `slug` varchar(768) NOT NULL, - `priority` int(11) NOT NULL, - `color` varchar(768) NOT NULL, - `perms` varchar(768) NOT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - --- --- Table structure for table `groupTypes` --- - -CREATE TABLE `groupTypes` ( - `id` int(11) NOT NULL, - `name` varchar(768) NOT NULL, - `slug` varchar(768) NOT NULL, - `color` varchar(768) NOT NULL, - `time_limited` tinyint(1) NOT NULL, - `def_role` varchar(768) NOT NULL, - `av_roles` varchar(768) NOT NULL, - `can_request` tinyint(1) NOT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - -- -- Table structure for table `notices` -- @@ -240,36 +166,6 @@ ALTER TABLE `audit_log` ALTER TABLE `events` ADD PRIMARY KEY (`id`); --- --- Indexes for table `groupJoinRequests` --- -ALTER TABLE `groupJoinRequests` - ADD PRIMARY KEY (`id`); - --- --- Indexes for table `groupRequests` --- -ALTER TABLE `groupRequests` - ADD PRIMARY KEY (`id`); - --- --- Indexes for table `groupRoleAssignments` --- -ALTER TABLE `groupRoleAssignments` - ADD PRIMARY KEY (`id`); - --- --- Indexes for table `groupRoles` --- -ALTER TABLE `groupRoles` - ADD PRIMARY KEY (`id`); - --- --- Indexes for table `groupTypes` --- -ALTER TABLE `groupTypes` - ADD PRIMARY KEY (`id`); - -- -- Indexes for table `notices` -- @@ -322,36 +218,6 @@ ALTER TABLE `audit_log` ALTER TABLE `events` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; --- --- AUTO_INCREMENT for table `groupJoinRequests` --- -ALTER TABLE `groupJoinRequests` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; - --- --- AUTO_INCREMENT for table `groupRequests` --- -ALTER TABLE `groupRequests` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; - --- --- AUTO_INCREMENT for table `groupRoleAssignments` --- -ALTER TABLE `groupRoleAssignments` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; - --- --- AUTO_INCREMENT for table `groupRoles` --- -ALTER TABLE `groupRoles` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; - --- --- AUTO_INCREMENT for table `groupTypes` --- -ALTER TABLE `groupTypes` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; - -- -- AUTO_INCREMENT for table `notices` --