From 053ae2225866f290857efdd934620dd7416ca8c2 Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Fri, 26 May 2017 21:40:52 -0500 Subject: [PATCH] Progress: rolling out the roler, the "can manage roles" role Using "can manage roles" was inconsistent with how I use the "is_X" role behavior but it is also similar enough that I feel that it should be an "is_X". To try to make it consistent, I decided to invent a new word that fits the behavior: roler (Not to be confused with roller). Just like how I abused the word "administrator" as "administer", I am abusing the words "role manager" as "roler". --- common/base/classes/base_users.php | 33 +++++++++++++++--------------- common/standard/classes/standard_users.php | 6 +++--- common/standard/paths/u/user_view.php | 2 +- database/sql/standard/standard-users.sql | 21 +++++++++---------- 4 files changed, 30 insertions(+), 32 deletions(-) diff --git a/common/base/classes/base_users.php b/common/base/classes/base_users.php index 5835b3d..36ad702 100644 --- a/common/base/classes/base_users.php +++ b/common/base/classes/base_users.php @@ -27,8 +27,7 @@ class c_base_users_user extends c_base_return_array { protected $is_private; protected $is_locked; protected $is_deleted; - - protected $can_manage_roles; + protected $is_roler; protected $date_created; protected $date_changed; @@ -56,8 +55,7 @@ class c_base_users_user extends c_base_return_array { $this->is_private = TRUE; $this->is_locked = FALSE; $this->is_deleted = FALSE; - - $this->can_manage_roles = FALSE; + $this->is_roler = FALSE; $this->date_created = NULL; $this->date_changed = NULL; @@ -84,8 +82,7 @@ class c_base_users_user extends c_base_return_array { unset($this->is_private); unset($this->is_locked); unset($this->is_deleted); - - unset($this->can_manage_roles); + unset($this->is_roler); unset($this->date_created); unset($this->date_changed); 
@@ -643,31 +640,33 @@ class c_base_users_user extends c_base_return_array { /** - * Get the is can manage roles setting. + * Get the is roler setting. + * + * A "roler" refers to a user who is allowed to manage roles. * - * @param bool|null $can_manage_roles + * @param bool|null $is_roler * When a boolean, this is assigned as the current can manage roles setting. * When NULL, the can manage roles setting is returned. * * @return c_base_return_bool|c_base_return_status - * When $can_manage_roles is NULL, is content boolean setting on success. + * When $is_roler is NULL, is content boolean setting on success. * FALSE with error bit is set on error. */ - public function can_manage_roles($can_manage_roles = NULL) { - if (!is_null($can_manage_roles) && !is_bool($can_manage_roles)) { - $error = c_base_error::s_log(NULL, array('arguments' => array(':{argument_name}' => 'can_manage_roles', ':{function_name}' => __CLASS__ . '->' . __FUNCTION__)), i_base_error_messages::INVALID_ARGUMENT); + public function is_roler($is_roler = NULL) { + if (!is_null($is_roler) && !is_bool($is_roler)) { + $error = c_base_error::s_log(NULL, array('arguments' => array(':{argument_name}' => 'is_roler', ':{function_name}' => __CLASS__ . '->' . __FUNCTION__)), i_base_error_messages::INVALID_ARGUMENT); return c_base_return_error::s_false($error); } - if (is_null($can_manage_roles)) { - if (!is_bool($this->can_manage_roles)) { - $this->can_manage_roles = FALSE; + if (is_null($is_roler)) { + if (!is_bool($this->is_roler)) { + $this->is_roler = FALSE; } - return c_base_return_bool::s_new($this->can_manage_roles); + return c_base_return_bool::s_new($this->is_roler); } - $this->can_manage_roles = $can_manage_roles; + $this->is_roler = $is_roler; return new c_base_return_true(); } diff --git a/common/standard/classes/standard_users.php b/common/standard/classes/standard_users.php index 46d6cb3..67219c0 100644 --- a/common/standard/classes/standard_users.php 
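Review bot: The docblock for `is_roler()` is only half renamed: the `@param` description still reads "assigned as the current can manage roles setting" and "the can manage roles setting is returned". Suggest `When a boolean, this is assigned as the current is roler setting.` and `When NULL, the is roler setting is returned.` so the text matches the new name and the sentence added above it. Separately, the public method `can_manage_roles()` is removed rather than kept as an alias, and the only caller updated in this patch is `user_view.php`. Any other caller, which would be outside this diff, will now fail on an undefined method, so it is worth searching the tree for the old name before merging.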
+++ b/common/standard/classes/standard_users.php @@ -69,7 +69,7 @@ class c_standard_users_user extends c_base_users_user { return c_base_return_error::s_false($error); } - $query_string = 'select id, id_external, id_sort, name_machine, name_human, address_email, is_public, is_system, is_requester, is_drafter, is_editor, is_reviewer, is_insurer, is_financer, is_publisher, is_auditor, is_manager, is_administer, is_private, is_locked, is_deleted, can_manage_roles, date_created, date_changed, date_synced, date_locked, date_deleted, settings '; + $query_string = 'select id, id_external, id_sort, name_machine, name_human, address_email, is_public, is_system, is_requester, is_drafter, is_editor, is_reviewer, is_insurer, is_financer, is_publisher, is_auditor, is_manager, is_administer, is_private, is_locked, is_deleted, is_roler, date_created, date_changed, date_synced, date_locked, date_deleted, settings '; $query_arguments = array(); if (is_null($user_name_or_id)) { @@ -259,10 +259,10 @@ class c_standard_users_user extends c_base_users_user { } if ($columns[21] == 't') { - $this->can_manage_roles = TRUE; + $this->is_roler = TRUE; } else { - $this->can_manage_roles = FALSE; + $this->is_roler = FALSE; } $this->date_created = c_base_defaults_global::s_get_timestamp($columns[22])->get_value_exact(); diff --git a/common/standard/paths/u/user_view.php b/common/standard/paths/u/user_view.php index a2d6d5b..03b4f3b 100644 --- a/common/standard/paths/u/user_view.php +++ b/common/standard/paths/u/user_view.php @@ -389,7 +389,7 @@ class c_standard_path_user_view extends c_standard_path { $content->set_tag($this->pr_create_tag_field_row(27, $tag_text, array(), NULL, ($count % 2 == 0 ? c_standard_path::CSS_AS_ROW_EVEN : c_standard_path::CSS_AS_ROW_ODD), $count, TRUE)); $count++; - if ($user->can_manage_roles()->get_value_exact()) { + if ($user->is_roler()->get_value_exact()) { $tag_text = $this->pr_get_text(33); } else { 
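Review bot: The role-management flag is decoded by position, `$columns[21] == 't'`, which is correct only while `is_roler` remains the 22nd entry of the select list built in the earlier hunk of this file (it does in this patch, with `date_created` following at index 22). Because this value gates a privilege, a later reordering of that select list would silently load a different column into `$this->is_roler`. A comment next to the query, such as `// column order is load-bearing: the $columns[N] indexes below must match this list`, would record the coupling, and `=== 't'` would avoid the loose comparison. The enclosing method starts and ends outside the hunk.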
diff --git a/database/sql/standard/standard-users.sql b/database/sql/standard/standard-users.sql index 58ae62e..8c87f96 100644 --- a/database/sql/standard/standard-users.sql +++ b/database/sql/standard/standard-users.sql @@ -35,14 +35,13 @@ create table s_tables.t_users ( is_editor boolean default false not null, is_drafter boolean default false not null, is_requester boolean default false not null, + is_roler boolean default false not null, is_system boolean default false not null, is_public boolean default false not null, is_locked boolean default false not null, is_private boolean default true not null, is_deleted boolean default false not null, - can_manage_roles boolean default false not null, - date_created timestamp with time zone default current_timestamp not null, date_changed timestamp with time zone default current_timestamp not null, date_synced timestamp with time zone default current_timestamp not null, 
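Review bot: The column is renamed only inside the `create table s_tables.t_users` statement, so a database created from the previous script still has `can_manage_roles`, and the updated `select ... is_roler ...` in `standard_users.php` would fail against it. If any deployed database exists, this needs a companion migration, for example `alter table s_tables.t_users rename column can_manage_roles to is_roler;`, with the dependent views recreated afterwards. The column also moves from after `is_deleted` to after `is_requester`. The queries visible in this patch name their columns explicitly, but any `select *` or positional insert elsewhere would see the new order.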
@@ -108,15 +107,15 @@ create index i_users_id_sort_z on s_tables.t_users (id_sort) with (fillfactor = /*** provide current user access to their own information (system users are not allowed to update their account) ***/ create view s_users.v_users_self with (security_barrier=true) as - select id, id_external, id_sort, name_machine, name_human, address_email, is_administer, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_system, is_public, is_locked, is_private, is_deleted, can_manage_roles, date_created, date_changed, date_synced, date_locked, null::timestamp as date_deleted, settings from s_tables.t_users + select id, id_external, id_sort, name_machine, name_human, address_email, is_administer, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_system, is_public, is_locked, is_private, is_deleted, is_roler, date_created, date_changed, date_synced, date_locked, null::timestamp as date_deleted, settings from s_tables.t_users where not is_deleted and (name_machine)::text = (current_user)::text; create view public.v_users_self_session with (security_barrier=true) as - select id, id_external, id_sort, name_machine, name_human, address_email, is_administer, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_system, is_public, is_locked, is_private, is_deleted, can_manage_roles, date_created, date_changed, date_synced, date_locked, null::timestamp as date_deleted, settings from s_tables.t_users + select id, id_external, id_sort, name_machine, name_human, address_email, is_administer, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_system, is_public, is_locked, is_private, is_deleted, is_roler, date_created, date_changed, date_synced, date_locked, null::timestamp as date_deleted, settings from s_tables.t_users 
where not is_deleted and (name_machine)::text = (session_user)::text; create view public.v_users_self_locked_not with (security_barrier=true) as - select id, id_external, id_sort, name_machine, name_human, address_email, is_administer, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_system, is_public, is_locked, is_private, is_deleted, can_manage_roles, date_created, date_changed, date_synced, date_locked, null::timestamp as date_deleted, settings from s_tables.t_users + select id, id_external, id_sort, name_machine, name_human, address_email, is_administer, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_system, is_public, is_locked, is_private, is_deleted, is_roler, date_created, date_changed, date_synced, date_locked, null::timestamp as date_deleted, settings from s_tables.t_users where not is_deleted and not is_locked and (name_machine)::text = (current_user)::text; create view public.v_users_self_exists with (security_barrier=true) as 
@@ -136,19 +135,19 @@ create view s_users.v_users_self_update with (security_barrier=true) as /**** anonymous user has uid = 1 ****/ create view public.v_users_self with (security_barrier=true) as - select id, id_external, id_sort, name_machine, name_human, address_email, is_administer, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_system, is_public, is_locked, is_private, is_deleted, can_manage_roles, date_created, date_changed, date_synced, date_locked, null::timestamp as date_deleted, settings from s_tables.t_users + select id, id_external, id_sort, name_machine, name_human, address_email, is_administer, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_system, is_public, is_locked, is_private, is_deleted, is_roler, date_created, date_changed, date_synced, date_locked, null::timestamp as date_deleted, settings from s_tables.t_users where not is_deleted and id = 1; /*** provide public user information ***/ create view public.v_users with (security_barrier=true) as - select id, null::bigint as id_external, id_sort, name_machine, name_human, null::public.ct_email as address_email, null::bool as is_administer, null::bool as is_manager, null::bool as is_auditor, null::bool as is_publisher, null::bool as is_insurer, null::bool as is_financer, null::bool as is_reviewer, null::bool as is_editor, null::bool as is_drafter, null::bool as is_requester, is_system, is_public, null::bool as is_locked, is_private, is_deleted, null::bool as can_manage_roles, null::timestamp as date_created, null::timestamp as date_changed, null::timestamp as date_synced, null::timestamp as date_locked, null::timestamp as date_deleted, null::json as settings from s_tables.t_users + select id, null::bigint as id_external, id_sort, name_machine, name_human, null::public.ct_email as address_email, null::bool as is_administer, null::bool as is_manager, null::bool as 
is_auditor, null::bool as is_publisher, null::bool as is_insurer, null::bool as is_financer, null::bool as is_reviewer, null::bool as is_editor, null::bool as is_drafter, null::bool as is_requester, is_system, is_public, null::bool as is_locked, is_private, is_deleted, null::bool as is_roler, null::timestamp as date_created, null::timestamp as date_changed, null::timestamp as date_synced, null::timestamp as date_locked, null::timestamp as date_deleted, null::json as settings from s_tables.t_users where (not is_deleted and not is_private) or (not is_deleted and (name_machine)::text = (current_user)::text); /*** provide e-mail address as public information only if it is explicitly allowed ***/ create view public.v_users_email with (security_barrier=true) as - select id, null::bigint as id_external, id_sort, name_machine, name_human, address_email, null::bool as is_administer, null::bool as is_manager, null::bool as is_auditor, null::bool as is_publisher, null::bool as is_insurer, null::bool as is_financer, null::bool as is_reviewer, null::bool as is_editor, null::bool as is_drafter, null::bool as is_requester, is_system, is_public, null::bool as is_locked, is_private, is_deleted, null::bool as can_manage_roles, null::timestamp as date_created, null::timestamp as date_changed, null::timestamp as date_synced, null::timestamp as date_locked, null::timestamp as date_deleted, null::json as settings from s_tables.t_users + select id, null::bigint as id_external, id_sort, name_machine, name_human, address_email, null::bool as is_administer, null::bool as is_manager, null::bool as is_auditor, null::bool as is_publisher, null::bool as is_insurer, null::bool as is_financer, null::bool as is_reviewer, null::bool as is_editor, null::bool as is_drafter, null::bool as is_requester, is_system, is_public, null::bool as is_locked, is_private, is_deleted, null::bool as is_roler, null::timestamp as date_created, null::timestamp as date_changed, null::timestamp as date_synced, 
null::timestamp as date_locked, null::timestamp as date_deleted, null::json as settings from s_tables.t_users where (not is_deleted and not is_private and not (address_email).private) or (not is_deleted and (name_machine)::text = (current_user)::text); 
@@ -158,16 +157,16 @@ create view s_managers.v_users with (security_barrier=true) as where not is_deleted; create view s_managers.v_users_insert with (security_barrier=true) as - select id, id_external, name_machine, name_human, address_email, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_locked, is_private, can_manage_roles, settings from s_tables.t_users + select id, id_external, name_machine, name_human, address_email, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_locked, is_private, is_roler, settings from s_tables.t_users with check option; create view s_managers.v_users_update with (security_barrier=true) as - select id, id_external, name_machine, name_human, address_email, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_locked, is_private, can_manage_roles, settings from s_tables.t_users + select id, id_external, name_machine, name_human, address_email, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_locked, is_private, is_roler, settings from s_tables.t_users where not is_deleted with check option; create view s_managers.v_users_deleted with (security_barrier=true) as - select id, id_external, name_machine, name_human, address_email, is_administer, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_locked, is_private, can_manage_roles, date_created, date_changed, date_synced, date_locked, settings from s_tables.t_users + select id, id_external, name_machine, name_human, address_email, is_administer, is_manager, is_auditor, is_publisher, is_insurer, is_financer, is_reviewer, is_editor, is_drafter, is_requester, is_locked, is_private, is_roler, date_created, date_changed, date_synced, date_locked, settings from 
s_tables.t_users where is_deleted; -- 1.8.3.1
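Review bot: `s_managers.v_users_insert` and `s_managers.v_users_update` keep the renamed flag in their writable column list, so any role with write access to these views can set `is_roler` on any non-deleted row, including its own, whereas `is_administer` is absent from both views. If role management is meant to be a narrower privilege than general user management, drop `is_roler` from these two views or enforce the rule in a trigger on `s_tables.t_users`. `with check option` does not constrain it, because neither view's predicate mentions the column. Grants and triggers are outside this hunk, so this may already be handled elsewhere. If it is, a comment above the views such as `/*** managers may grant is_roler; is_administer is intentionally excluded ***/` would record the intent.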