luos/workflow/engine/methods/tools/methodsPermissions_Ajax.php

<?php
/**
 * methodsPermissions_Ajax.php
 *  
 * ProcessMaker Open Source Edition
 * Copyright (C) 2004 - 2008 Colosa Inc.23
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 * 
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 * For more information, contact Colosa Inc, 2566 Le Jeune Rd., 
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 * 
 */
  G::LoadClass("webResource");
  define('GET_PERMISSION_REG_EXP','/(G::\\s*genericForceLogin\\s*\\(\\s*[\'"])(\\w+)([\'"]\\s*,\\s*[\'"].+[\'"],.+\\)\\s*)|(\\$RBAC->userCanAccess\\s*\\(\\s*[\'"])(\\w+)([\'"]\\s*\\))/i');
  define('GET_PERMISSION_REG_EXP2','/\\s*if\\s*\\(\\s*\\(\\s*\\$RBAC_Response\\s*=\\s*\\$RBAC->userCanAccess\\s*\\(\\s*[\'"]\\w+[\'"]\\s*\\)\\s*\\)\\s*!=1\\s*\\)\\s*return(?:.*)?;\\s*/i');
  class phpFile extends webResource
  {
    function _get_permissions($filename)
    {
      $aSource = file( $filename);
      $aOutSource = array();
  	  $source = implode( '', $aSource );
  	  $regExp=GET_PERMISSION_REG_EXP;
  	  $permissions=array();
  	  $lines=array();
  	  $len=preg_match_all($regExp,$source,$matches,PREG_OFFSET_CAPTURE);
  	  for($r=0; $r < $len; $r++)
  	  {
  	    $match=$matches[0][$r][0];
  	    $permission=($matches[2][$r][0]!='') ? $matches[2][$r][0]:$matches[5][$r][0];
  	    $toPrint=($matches[2][$r][0]!='') ? 
  	      (
  	        htmlentities($matches[1][$r][0],ENT_QUOTES,'utf-8').
  	        '<b>'.htmlentities($matches[2][$r][0],ENT_QUOTES,'utf-8').'</b>'.
  	        htmlentities($matches[3][$r][0],ENT_QUOTES,'utf-8')
  	      )
  	      :
  	      (
  	        htmlentities($matches[4][$r][0],ENT_QUOTES,'utf-8').
  	        '<b>'.htmlentities($matches[5][$r][0],ENT_QUOTES,'utf-8').'</b>'.
  	        htmlentities($matches[6][$r][0],ENT_QUOTES,'utf-8')
  	      );
      	  $row = $this->_getLine($aSource,$matches[0][$r][1]);
    	    if (array_search($permission,$permissions)===FALSE)
    	    {
    	      $permissions[]=$permission;
    	      $lines[]=$row;
    	    }
    	    //TODO: Need to htmlencode the rest of the line that is not in match. Ex. < ? php
      	  if ($row>0) $aOutSource[$row-1]=str_replace($match,$toPrint,isset($aOutSource[$row-1])?$aOutSource[$row-1]:$aSource[$row-1]);
      	  $aOutSource[$row]=str_replace($match,$toPrint,isset($aOutSource[$row])?$aOutSource[$row]:$aSource[$row]);
      	  if ($row<(sizeof($aSource)-1)) $aOutSource[$row+1]=str_replace($match,$toPrint,isset($aOutSource[$row+1])?$aOutSource[$row+1]:$aSource[$row+1]);
  	  }
  	  ksort($aOutSource);
  	  $row0=0;$html='';
  	  foreach($aOutSource as $row => $line)
  	  {
  	    if (($row-1) > $row0) $html.=$this->_printLine($row,'...');
  	    $html.=$this->_printLine($row+1,$line,true,$aSource[$row],$filename.'?'.$row);
  	    $row0=$row;
  	  }
  	  return array (
  	      ($html==='')?'Dont have RBAC validation!':('<table>'.$html.'</table>'),
  	      $permissions,
  	      $lines
  	    );
    }
    function get_permissions($filename)
    {
      $res=$this->_get_permissions($filename);
      return $res[0];
    }
    function modify_line($filename,$row,$value)
    {
      $aSource = file( $filename);
      $line=$aSource[$row];
      $nl=(strlen($line)>=2)&&(substr($line,-2,2)=="\r\n")?
        "\r\n":
        ((strlen($line)>=1)&&(substr($line,-1,1)=="\n")?"\n":"");
      $aSource[$row]=$value.$nl;
      /*Save change*/
      $fp=fopen($filename,'w');
      fwrite($fp,implode('',$aSource));
      fclose($fp);
      /*Format line*/
  	  $regExp=GET_PERMISSION_REG_EXP;
      $line=$aSource[$row];
  	  $len=preg_match_all($regExp,$line,$matches,PREG_OFFSET_CAPTURE);
  	  for($r=0; $r < $len; $r++)
  	  {
  	    $match=$matches[0][$r][0];
  	    $toPrint=($matches[2][$r][0]!='') ? 
  	      (
  	        htmlentities($matches[1][$r][0],ENT_QUOTES,'utf-8').
  	        '<b>'.htmlentities($matches[2][$r][0],ENT_QUOTES,'utf-8').'</b>'.
  	        htmlentities($matches[3][$r][0],ENT_QUOTES,'utf-8')
  	      )
  	      :
  	      (
  	        htmlentities($matches[4][$r][0],ENT_QUOTES,'utf-8').
  	        '<b>'.htmlentities($matches[5][$r][0],ENT_QUOTES,'utf-8').'</b>'.
  	        htmlentities($matches[6][$r][0],ENT_QUOTES,'utf-8')
  	      );
      	  $line=str_replace($match,$toPrint,$line);
  	  }
      return array($line,$aSource[$row]);
    }
    function set_header($filename,$value)
    {
      $aFields=array("_FILENAME_"=>basename( $filename ) );
      $value = G::replaceDataField( $value , $aFields );
      $aOrigin = file( $filename);
      //It suposse that allway start with <?. or <?php
      $line=$aOrigin[0];
      $nl=(strlen($line)>=2)&&(substr($line,-2,2)=="\r\n")?
        "\r\n":
        ((strlen($line)>=1)&&(substr($line,-1,1)=="\n")?"\n":"");

      $codigo = implode('',$aOrigin);
      $pattern='/\/\*[\w\W]+\* '.'ProcessMaker Open Source'.'[\w\W]+?\*\//i';
      if (preg_match($pattern,$codigo))
      {
        $codigo=preg_replace( $pattern, $value , $codigo );
      }
      else
      {
        $aSource=array();
        $aSource[0]=$aOrigin[0];
        $aSource[1]=$value.$nl;
        for($r=1;$r<sizeof($aOrigin);$r++)
        {
          $aSource[]=$aOrigin[$r];
        }
        $codigo=implode('',$aSource);
      }
      /*Save change*/
      $fp=fopen($filename,'w');
      fwrite($fp,$codigo);
      fclose($fp);
      return $this->get_permissions($filename);
    }
    function add_permission($filename,$value)
    {
      $aOrigin = file( $filename);
      //It suposse that allway start with <?. or <?php
      $aSource[0]=$aOrigin[0];
      $line=$aOrigin[0];
      $nl=(strlen($line)>=2)&&(substr($line,-2,2)=="\r\n")?
        "\r\n":
        ((strlen($line)>=1)&&(substr($line,-1,1)=="\n")?"\n":"");
      $aSource[1]=$value.$nl;
      for($r=1;$r<sizeof($aOrigin);$r++)
      {
        $aSource[]=$aOrigin[$r];
      }
      /*Save change*/
      $fp=fopen($filename,'w');
      fwrite($fp,implode('',$aSource));
      fclose($fp);
      return $this->get_permissions($filename);
    }
    function _getLine(&$aSource,$pos)
    {
      $i=1;
      while ($pos>sizeof($aSource[$i])) 
      {
        $pos-=strlen($aSource[$i]);
        $i++;
      }
      return $i-1;
    }
    function _printLine($row,$txt,$editable=false,$editValue='',$name='')
    {
      if ($editable)
      {
        return '<tr><td><input value="X" type="button" style="width:100%;" '.
        ' name="'.htmlentities($name,ENT_QUOTES,'utf-8').'"'.
        ' onclick="removeLine(this);"/></td>'.
        '<td class="treeContent" align="right">'.$row.'</td>
        <td class="treeNode"><span onclick="switchViewEdit(this,this.nextSibling);">'.
        $txt.'</span>'.
        '<input class="treeNode"'.
        ' name="'.htmlentities($name,ENT_QUOTES,'utf-8').'"'.
        ' style="border:none;width:100%;display:none;"'.
        ' onblur="switchEditView(this.previousSibling,this);"'.
        ' value="'.htmlentities($editValue,ENT_QUOTES,'utf-8').'"/></td></tr>';
      }
      else
      {
        return '<tr><td></td>'.
        '<td class="treeContent" align="right">'.$row.'</td>'.
        '<td class="treeNode">'.$txt.'</td></tr>';
      }
    }
    function set_permission($filename,$permission)
    {
      list($html,$permissions)=$this->_get_permissions($filename);
      if (array_search($permission,$permissions)===FALSE)
      {
        $this->add_permission
          (
            $filename,
            'if (($RBAC_Response=$RBAC->userCanAccess("'.$permission.'"))!=1) return $RBAC_Response;'
          );
      }
      return $this->get_permissions($filename);
    }
    function set_path_permission($path,$permission)
    {
      $files=glob($path.'*.php');
      foreach($files as $file)
      {
        $this->set_permission($file,$permission);
      }
    }
    function set_path_header($path,$header)
    {
      $files=glob($path.'*.php');
      $filesMod=array();
      foreach($files as $file)
      {
        $filesMod[]=$file;
        $this->set_header($file,$header);
      }
      $dirs=glob($path.'*', GLOB_MARK  );
      foreach($dirs as $dir)
      {
        if (substr( $dir , -1 , 1 )=='/') $this->set_path_header($dir,$header);
      }
      return $filesMod;
    }
    function remove_path_permission($path,$permission)
    {
      $files=glob($path.'*.php');
      foreach($files as $file)
      {
        $this->remove_permission($file,$permission);
      }
    }
    function remove_line($filename,$line)
    {
      $aSource = file($filename);
      unset($aSource[$line]);
      /*Save change*/
      $fp=fopen($filename,'w');
      fwrite($fp,implode('',$aSource));
      fclose($fp);
      return $this->get_permissions($filename);
    }
    function remove_permission($filename,$permission)
    {
      $aSource = file( $filename);
      list($html,$permissions,$lines) = $this->_get_permissions($filename);
      if (($row=array_search($permission,$permissions))!==FALSE)
      {
        $line=$lines[$row];
        if (preg_match(GET_PERMISSION_REG_EXP2,$aSource[$line]))
        {
          unset($aSource[$line]);
          $msg="Removed.";
        }
        else
        {
          $msg="Can not be removed!";
        }
      }
      /*Save change*/
      $fp=fopen($filename,'w');
      fwrite($fp,implode('',$aSource));
      fclose($fp);
      return $this->get_permissions($filename);
    }
  }
  $phpFile=new phpFile('methodsPermissions_Ajax',$_POST);
?>