root/branches/release-34/lib/MT/Permission.pm @ 1823

Revision 1823, 26.1 kB (checked in by takayama, 20 months ago)

Fixed BugId:67959
* Added check for result of object loading

  • Property svn:keywords set to Author Date Id Revision
1# Movable Type (r) Open Source (C) 2001-2008 Six Apart, Ltd.
2# This program is distributed under the terms of the
3# GNU General Public License, version 2.
4#
5# $Id$
6
7package MT::Permission;
8
9use strict;
10
11use MT::Blog;
12use MT::Object;
13@MT::Permission::ISA = qw(MT::Object);
14
# Register the storage layout of a permission record with MT::Object.
# Each row carries an author_id and a blog_id; the granted and denied
# permission names are kept in the 'permissions' and 'restrictions'
# text columns.
__PACKAGE__->install_properties(
    {
        datasource  => 'permission',
        primary_key => 'id',
        audit       => 1,
        child_of    => 'MT::Blog',

        column_defs => {
            id        => 'integer not null auto_increment',
            author_id => 'integer not null',
            blog_id   => 'integer not null',
            role_mask => 'integer',

            # role_mask2 .. role_mask4 were only declared for MTE 1.5x and
            # were never used, so they are intentionally not declared here.
            permissions    => 'text',
            entry_prefs    => 'text',
            blog_prefs     => 'string(255)',
            template_prefs => 'string(255)',
            restrictions   => 'text',
        },

        indexes => {
            author_id => 1,
            blog_id   => 1,
            role_mask => 1,
        },

        defaults => {
            author_id => 0,
            blog_id   => 0,
            role_mask => 0,
        },
    }
);
50
# Singular display name of this object class, passed through MT's translator.
sub class_label {
    return MT->translate("Permission");
}
54
# Plural display name of this object class, passed through MT's translator.
sub class_label_plural {
    return MT->translate("Permissions");
}
58
59
# Returns the MT::Author that this record's author_id points at.
# Yields undef when author_id is unset or zero; otherwise hands a loader
# callback to cache_property under the key 'user'.
sub user {
    my ($self) = @_;

    # xxx Beware of circular references
    if ( !$self->author_id ) {
        return undef;
    }

    my $load_author = sub {
        require MT::Author;
        MT::Author->load( $self->author_id );
    };
    return $self->cache_property( 'user', $load_author );
}

# 'author' is an alias for the same accessor.
*author = *user;
74
# Returns the MT::Blog that this record's blog_id points at.
# Yields undef when blog_id is unset or zero (the legend below marks such
# rows as system-level); otherwise hands a loader callback to cache_property
# under the key 'blog'.
sub blog {
    my ($self) = @_;
    if ( !$self->blog_id ) {
        return undef;
    }

    my $load_blog = sub {
        require MT::Blog;
        MT::Blog->load( $self->blog_id );
    };
    return $self->cache_property( 'blog', $load_blog );
}
86
87# Legend:
88# author_id || blog_id || permissions
89#    N      ||    0    || System level privilege
90#    N      ||    N    || Author's Weblog level permissions
91#    0      ||    N    || Weblog default preferences of Entry Display (TBRemoved)
92#    0      ||    0    || !!BUG!!
93# Permissions are stored in database like 'Perm1','Perm_2','Pe_rm_3'.
94{
95    my @Perms;
96
# Fill the shared @Perms table through perms() the first time it is needed;
# does nothing once the table holds at least one entry.
sub init_permissions {
    my ($class) = @_;
    unless (@Perms) {
        $class->perms();
    }
}
101
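# Build the stored form ('name','name',...) of every registry permission
# whose key reads "<scope>.<name>" with the requested scope.
#
#   $scope - scope prefix to select, e.g. 'blog'
#
# Returns a comma-joined string of single-quoted names, or '' when the
# registry has no matching key.
sub _all_perms {
    my ($scope) = @_;
    my @quoted;
    if ( my $registry = MT->registry("permissions") ) {

        # Walk the keys only: flattening the hash would also push every
        # value through the "<scope>.<name>" parser, and a string value
        # that happened to contain a dot would be taken for a permission.
        for my $key ( keys %$registry ) {
            my ( $key_scope, $name ) = split /\./, $key;
            next unless $key_scope && $name;
            next unless $key_scope eq $scope;
            push @quoted, "'$name'";
        }
    }
    return join ',', @quoted;
}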
115
# Merge the permissions carried by another object into this record.
#
#   $more_perm - any object with a 'permissions' accessor (the file uses it
#                with MT::Permission and MT::Role objects)
#
# A source that lists 'administer_blog' is widened to every blog-scoped
# permission in the registry before merging. Names this record already
# has() are skipped; the rest are appended to the stored string. Nothing is
# written when there is nothing new to add.
sub add_permissions {
    my $perms = shift;
    my ($more_perm) = @_;
    if ( my $more = $more_perm->permissions ) {

        # Blog administrators implicitly hold the whole 'blog' set.
        $more = _all_perms('blog') if $more =~ /'administer_blog'/;

        my $cur_perm = $perms->permissions;
        my @to_add;
        foreach my $quoted ( split /,/, $more ) {
            ( my $name = $quoted ) =~ s/'(.+)'/$1/;
            push @to_add, $name unless $perms->has($name);
        }
        return unless @to_add;

        my $merged = join ',', map { "'$_'" } @to_add;
        $merged = "$cur_perm,$merged" if $cur_perm;
        $perms->permissions($merged);
    }
}
139
# Grant every permission of the 'blog' set by delegating to set_permissions.
sub set_full_permissions {
    my ($self) = @_;
    return $self->set_permissions('blog');
}
145
# Overwrite the 'permissions' column with every permission of the given set
# (see _set_these for how the optional set argument is interpreted).
sub set_permissions {
    my ( $self, @set ) = @_;
    return __PACKAGE__->_set_these( $self, 'permissions', @set );
}
150
# Overwrite the 'restrictions' column with every permission of the given set
# (see _set_these for how the optional set argument is interpreted).
sub set_restrictions {
    my ( $self, @set ) = @_;
    return __PACKAGE__->_set_these( $self, 'restrictions', @set );
}
155
# Replace the content of $column on $perms with the quoted names of all
# known permissions, optionally narrowed to one set.
#
#   $column - accessor name, 'permissions' or 'restrictions' in this file
#   $set    - set to select; a false value or '*' selects every permission
#
# The previous column value is discarded. An empty selection still writes
# the two-character string ''.
sub _set_these {
    my ( $pkg, $perms, $column, $set ) = @_;
    my @names =
      map  { $_->[0] }
      grep { !( $set && ( $set ne '*' ) && ( $_->[2] ne $set ) ) } @{ perms() };
    return $perms->$column( "'" . join( "','", @names ) . "'" );
}
167
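# Drop the named entries from this record's 'restrictions' column.
#
#   @perms - permission names to remove (matched case-insensitively)
#
# Returns without writing when the column is empty. Only the first
# occurrence of each name is removed, together with the comma after it.
sub remove_restrictions {
    my ( $perms, @perms ) = @_;
    my $cur_rest = $perms->restrictions;
    return unless $cur_rest;
    for my $perm_name (@perms) {

        # \Q..\E keeps the name literal. Interpolated raw, a name holding a
        # regex metacharacter could strip a different restriction than the
        # one asked for, silently lifting a denial.
        $cur_rest =~ s/'\Q$perm_name\E',?//i;
    }
    $perms->restrictions($cur_rest);
}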
178
# Revoke every permission of the 'blog' set by delegating to
# clear_permissions.
sub clear_full_permissions {
    my ($self) = @_;
    return $self->clear_permissions('blog');
}
184
# Remove the permissions of a whole set from the 'permissions' column.
# The argument is a set name such as 'blog' (or '*'), not a permission name.
sub clear_permissions {
    my ( $self, @set ) = @_;
    return __PACKAGE__->_clear_these( $self, 'permissions', @set );
}
189
# Remove the permissions of a whole set from the 'restrictions' column.
# The argument is a set name such as 'blog' (or '*'), not a permission name.
sub clear_restrictions {
    my ( $self, @set ) = @_;
    return __PACKAGE__->_clear_these( $self, 'restrictions', @set );
}
194
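# Strip every known permission of one set out of $column on $perms.
#
#   $column - accessor name, 'permissions' or 'restrictions' in this file
#   $set    - set to clear; a false value or '*' clears every known name
#
# Returns without writing when the column is empty. Names that are not in
# the permission table are left in the column untouched.
sub _clear_these {
    my ( $pkg, $perms, $column, $set ) = @_;
    my $cur_perm = $perms->$column;
    return unless $cur_perm;
    for my $ref ( @{ perms() } ) {
        next if $set && ( $set ne '*' ) && ( $ref->[2] ne $set );
        my $perm_name = $ref->[0];

        # \Q..\E keeps the name literal, so a registered key that contains
        # a regex metacharacter cannot remove some other entry.
        $cur_perm =~ s/'\Q$perm_name\E',?//i;
    }
    $perms->$column($cur_perm);
}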
208
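# Return the table of known permissions as an array reference of
# [ name, label, set ] triples, building it from the MT registry on the
# first call and generating a can_<name> method for every entry.
#
#   $set (optional) - when given, only entries of that set are returned,
#                     in a fresh array
#
# Without an argument the reference points at the shared @Perms array
# itself, not at a copy, so callers must treat it as read-only.
sub perms {
    my $pkg = shift;
    unless (@Perms) {
        if ( my $registry = MT->registry("permissions") ) {

            # Iterate the keys only; the registry values are per-permission
            # records and must not be parsed as "<scope>.<name>" keys.
            for my $key ( keys %$registry ) {
                my ( $scope, $name ) = split /\./, $key;
                next unless $scope && $name;

                # A label may be given as a string or as a code reference
                # producing one.
                my $label = $registry->{$key}{label};
                $label = $label->() if 'CODE' eq ref $label;
                push @Perms, [ $name, $label || '', $scope ];
            }
            __mk_perm($_) foreach @Perms;
        }
    }
    if (@_) {
        my $set = shift;
        my @perms = grep { $_->[2] eq $set } @Perms;
        return \@perms;
    }
    return \@Perms;
}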
234
235    my %Perms;
236
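# Record one permission in %Perms and install its can_<name> method.
#
#   $ref - [ name, label, set ] triple as stored in @Perms
#
# An existing symbol called can_<name> is left alone, so nothing is
# installed in that case.
#
# The generated method works as getter and setter:
#   $p->can_x      - superuser (except for can_administer) and, for the
#                    'blog' set, holders of 'administer_blog' get 1 before
#                    restrictions are looked at; otherwise a matching
#                    restriction yields undef, and the result is 1 only if
#                    the name is listed in 'permissions'. A record with an
#                    empty 'permissions' column yields undef straight away.
#   $p->can_x(1)   - append the name unless has() already reports it
#   $p->can_x(0)   - remove the name from 'permissions'
sub __mk_perm {
    no strict 'refs';
    my $ref  = shift;
    my $meth = 'can_' . $ref->[0];

    $Perms{ $ref->[0] } = $ref;
    my $set = $ref->[2];

    return if defined *$meth;

    *$meth = sub {
        my $cur_perm = $_[0]->permissions;
        return undef if !$cur_perm && ( @_ < 2 );
        my $perm = substr $meth, 4;    # strip the 'can_' prefix
        if ( @_ == 2 ) {
            if ( $_[1] ) {
                return 1 if $_[0]->has($perm);
                $cur_perm .= ',' if $cur_perm;
                $cur_perm .= "'$perm'";
            }
            else {

                # arg == 0 - remove it. \Q..\E keeps the name literal so
                # only this exact entry can be removed.
                $cur_perm =~ s/'\Q$perm\E',?// if defined $cur_perm;
            }
            $_[0]->permissions($cur_perm);
        }
        else {
            if ( my $author = $_[0]->author ) {
                return 1
                  if ( ( $meth ne 'can_administer' )
                    && $author->is_superuser );
                return 1
                  if ( ( $set eq 'blog' )
                    && $_[0]->has('administer_blog') );
            }
        }

        # Both checks compare against the literal name: without \Q..\E a
        # key holding a regex metacharacter could match an unrelated entry
        # and grant, or wrongly deny, this permission.
        return undef
          if $_[0]->restrictions
          && $_[0]->restrictions =~ /'\Q$perm\E'/i;
        ( defined($cur_perm) && $cur_perm =~ /'\Q$perm\E'/i ) ? 1 : undef;
    };
}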
279
# Add the listed permission names to the 'permissions' column; names must be
# known to the permission table (see _set_these_list).
sub set_these_permissions {
    my ( $self, @names ) = @_;
    return __PACKAGE__->_set_these_list( $self, 'permissions', @names );
}
284
# Add the listed permission names to the 'restrictions' column; names must
# be known to the permission table (see _set_these_list).
sub set_these_restrictions {
    my ( $self, @names ) = @_;
    return __PACKAGE__->_set_these_list( $self, 'restrictions', @names );
}
289
# Append individual permission names to $column on $perms.
#
#   $column - accessor name, 'permissions' or 'restrictions' in this file
#   @list   - permission names, or a single array reference holding them
#
# Every name is looked up in %Perms first and an unknown one dies with
# "invalid permission", so only registered names can be written. Names the
# column already contains are skipped.
sub _set_these_list {
    my ( $pkg, $perms, $column, @list ) = @_;
    @list = @{ $list[0] } if ref( $list[0] ) eq 'ARRAY';

    for my $name (@list) {
        my $known = $Perms{$name} or die "invalid permission";
        next if $pkg->_check_if( $perms, $column, $name );

        my $value = $perms->$column || '';
        $value .= ',' if $value ne '';
        $value .= "'" . $known->[0] . "'";
        $perms->$column($value);
    }
}
307
# Register one additional permission and generate its can_<key> method.
#
#   $perm - either { key => ..., label => ..., set => ... } or an array
#           reference laid out as [ key, label, set ]
#
# The hash form is ignored unless both 'key' and 'set' are true. Any other
# kind of argument is ignored as well.
# NOTE(review): the array form is stored as given, without checking its
# length or contents; callers are presumably trusted plugin code - confirm.
sub add_permission {
    my ( $pkg, $perm ) = @_;
    my $kind = ref $perm;
    if ( $kind eq 'HASH' ) {
        my ( $key, $label, $set ) = @{$perm}{qw(key label set)};
        return unless $key && $set;
        my $entry = [ $key, $label || '', $set ];
        push @Perms, $entry;
        __mk_perm($entry);
    }
    elsif ( $kind eq 'ARRAY' ) {
        push @Perms, $perm;
        __mk_perm($perm);
    }
}
322
# has() reports only whether the named permission is listed in this
# record's 'permissions' column. Unlike the generated can_* methods it
# applies no superuser, administer_blog or restriction logic.
sub has {
    my ( $self, @name ) = @_;
    return __PACKAGE__->_check_if( $self, 'permissions', @name );
}
330
# is_restricted() reports only whether the named permission is listed in
# this record's 'restrictions' column, with no further logic applied.
sub is_restricted {
    my ( $self, @name ) = @_;
    return __PACKAGE__->_check_if( $self, 'restrictions', @name );
}
335
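# Membership test behind has() and is_restricted().
#
#   $this      - object providing the $column accessor
#   $column    - 'permissions' or 'restrictions' in this file
#   $perm_name - permission name to look for (case-insensitive)
#
# Returns 1 when the quoted name occurs in the column, 0 otherwise.
sub _check_if {
    my ( $pkg, $this, $column, $perm_name ) = @_;
    my $cur_perm = $this->$column;
    return 0 unless $cur_perm;

    # An empty selection is stored as the string ''. Without this guard a
    # missing or empty name would match that placeholder.
    return 0 unless defined $perm_name && length $perm_name;

    # The name is data, not a pattern: \Q..\E stops a name such as '.*'
    # from matching whatever entry happens to be present.
    return ( $cur_perm =~ /'\Q$perm_name\E'/i ) ? 1 : 0;
}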
345}
346
# Backward-compatible combination of can_create_post and can_publish_post.
# With an argument, passes it to both setters and returns it; without one,
# is true only when both permissions are held.
sub can_post {
    my ( $self, @args ) = @_;
    if (@args) {
        my $flag = $args[0];
        $self->can_create_post($flag);
        $self->can_publish_post($flag);
        return $flag;
    }
    return $self->can_create_post && $self->can_publish_post;
}
356
# True when this record grants can_administer_blog or when the record's
# user exists and is a superuser.
sub can_edit_authors {
    my ($self) = @_;
    my $owner = $self->user;
    return $self->can_administer_blog
      || ( $owner && $owner->is_superuser() );
}
362
# Decide whether $author may edit $entry under this permission record.
#
#   $entry  - MT::Entry object, or an entry id that is loaded here
#   $author - MT::Author object (anything else dies)
#   $status - when defined, the own-entry rule requires can_publish_post
#             instead of can_create_post
#
# Superusers always pass. Pages are governed by can_manage_pages alone.
# Otherwise the caller needs can_edit_all_posts, or must be the entry's
# author and hold the publish/create permission selected by $status.
# Dies when the entry cannot be loaded or is not an MT::Entry.
# NOTE(review): nothing here compares the entry's blog with this record's
# blog_id; presumably callers load the record for the entry's blog - confirm.
sub can_edit_entry {
    my ( $self, $entry, $author, $status ) = @_;
    die unless $author->isa('MT::Author');
    return 1 if $author->is_superuser();

    if ( !ref $entry ) {
        require MT::Entry;

        # A failed load must stop the check rather than fall through with
        # an undefined entry.
        $entry = MT::Entry->load($entry) or die;
    }
    die unless $entry->isa('MT::Entry');

    return $self->can_manage_pages if 'page' eq $entry->class;

    my $own_entry_right =
      defined $status ? 'can_publish_post' : 'can_create_post';
    return $self->can_edit_all_posts
      || ( $self->$own_entry_right
        && $entry->author_id == $author->id );
}
384
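# Getter/setter for the 'upload' permission.
#
#   (no argument) - true when can_edit_assets is granted or 'upload' is
#                   listed in this record
#   true value    - add 'upload' through set_these_permissions
#   false value   - remove 'upload' from the 'permissions' column
#
# Returns the resulting state in every case.
sub can_upload {
    my ( $perms, @args ) = @_;
    if (@args) {
        if ( $args[0] ) {
            $perms->set_these_permissions('upload');
        }
        else {

            # clear_permissions() filters by set name ('blog', '*', ...),
            # so handing it the permission name 'upload' leaves the entry
            # in place and the revocation silently does nothing. Remove
            # the entry itself instead.
            my $current = $perms->permissions;
            if ( defined $current && $current ne '' ) {
                $current =~ s/'upload',?//i;
                $current =~ s/,\z//;    # no dangling separator
                $perms->permissions($current);
            }
        }
    }
    return $perms->can_edit_assets || $perms->has('upload');
}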
396
# True when the record grants any of can_edit_all_posts, can_create_post,
# can_publish_post or can_manage_feedback; the first true result is
# returned.
sub can_view_feedback {
    my ($self) = @_;
    for my $check (qw(can_edit_all_posts can_create_post can_publish_post)) {
        if ( my $granted = $self->$check ) {
            return $granted;
        }
    }
    return $self->can_manage_feedback;
}
404
# True when the 'permissions' column is undefined or holds a false value
# (for instance the empty string).
sub is_empty {
    my ($self) = @_;
    return ( defined( $self->permissions ) && $self->permissions )
      ? !1
      : !0;
}
409
# Class-level rebuild: refresh every permission record touched by one
# MT::Association.
#
#   role + blog + group   - each user of the group, for that blog
#   role + blog + author  - that user, for that blog
#   author + group        - that author, for each blog of the group
#
# Anything that is not an MT::Association is ignored. Returns 1, or an
# empty/undef result when the association's group or user cannot be loaded.
sub _static_rebuild {
    my ( $pkg, $obj ) = @_;
    return 1 unless $obj->isa('MT::Association');
    my $assoc = $obj;

    # Fetch the record for one author/blog pair via get_by_key and rebuild it.
    my $refresh = sub {
        my ( $author_id, $blog_id ) = @_;
        my $perm = MT::Permission->get_by_key(
            {
                author_id => $author_id,
                blog_id   => $blog_id,
            }
        );
        $perm->rebuild;
    };

    if ( $assoc->role_id && $assoc->blog_id ) {
        if ( $assoc->group_id ) {
            my $grp = $assoc->group or return;
            my $iter = $grp->user_iter;
            while ( my $user = $iter->() ) {
                $refresh->( $user->id, $assoc->blog_id );
            }
        }
        elsif ( $assoc->author_id ) {
            my $user = $assoc->user or return;
            $refresh->( $user->id, $assoc->blog_id );
        }
    }
    elsif ( $assoc->author_id && $assoc->group_id ) {

        # Collect the blog ids first, then rebuild the author's record for
        # each of them.
        my $grp = $assoc->group or return;
        my @blog_ids;
        if ( my $blog_iter = $grp->blog_iter ) {
            while ( my $blog = $blog_iter->() ) {
                push @blog_ids, $blog->id;
            }
        }
        for my $blog_id (@blog_ids) {
            $refresh->( $assoc->author_id, $blog_id );
        }
    }
    return 1;
}
467
# Recompute this record from the roles its user holds on its blog.
#
# Called on the class, it forwards to _static_rebuild. Called on an object,
# it clears the 'blog' permission set, re-adds the permissions of every role
# returned by role_iter and group_role_iter for this blog, and then saves
# the record. When no role was found, an already stored record is removed.
# Records without both author_id and blog_id are left alone.
# NOTE(review): MT::Author is used without a local require; presumably it
# is already loaded by the time this runs - confirm.
sub rebuild {
    my $perm = shift;
    return $perm->_static_rebuild(@_) unless ref $perm;

    my ( $user_id, $blog_id ) = ( $perm->author_id, $perm->blog_id );
    return unless $user_id && $blog_id;

    # Start from a clean slate so revoked roles do not linger.
    $perm->clear_full_permissions;

    my $user = MT::Author->load($user_id) or return;

    # Direct roles first, then roles inherited through groups.
    my $has_permissions = 0;
    for my $source (qw(role_iter group_role_iter)) {
        my $role_iter = $user->$source( { blog_id => $blog_id } ) or next;
        while ( my $role = $role_iter->() ) {
            $perm->add_permissions($role);
            $has_permissions = 1;
        }
    }

    if ($has_permissions) {
        $perm->save;
    }
    else {
        $perm->remove if $perm->id;
    }
}
511
# Find records whose 'permissions' column contains every listed permission.
#
#   $terms, $args - extra load() terms/arguments; both are copied, and
#                   $args->{like} is overwritten for the permissions column
#   $exact        - when true, keep only records whose permissions string
#                   has the same length as the comma-joined quoted list
#   @list         - permission names, or one array reference holding them;
#                   unquoted names are wrapped in single quotes
#
# One LIKE query is issued per name, each narrowed to the ids found by the
# previous one. Returns the records in list context, the first record in
# scalar context, and an empty list / undef when nothing matches.
# NOTE(review): names go into the LIKE pattern unescaped, so '_' and '%'
# inside a name presumably act as SQL wildcards - confirm.
sub load_same {
    my ( $pkg, $terms, $args, $exact, @list ) = @_;
    @list = @{ $list[0] } if ref( $list[0] ) eq 'ARRAY';
    s/^([^'].+[^'])$/'$1'/ for @list;

    # Work on shallow copies so the caller's hashes are not modified.
    my %query;
    $query{$_} = $terms->{$_} for keys %$terms;
    my %opts;
    $opts{$_} = $args->{$_} for keys %$args;
    $opts{like} = { 'permissions' => 1 };

    my @ids;
    my @roles = ();
    for my $key (@list) {
        $query{permissions} = "%" . $key . "%";
        $query{id} = \@ids if @ids;

        my @found = $pkg->load( \%query, \%opts );
        if ( !@found ) {
            @roles = ();
            last;
        }
        delete $opts{not};    # not is used only the first time
        @ids   = map { $_->id } @found;
        @roles = @found;
    }
    return ( wantarray ? () : undef ) unless @roles;

    if ($exact) {
        my $base_len = length join ',', @list;
        @roles = grep { length( $_->permissions ) == $base_len } @roles;
    }
    return wantarray ? @roles : ( @roles ? $roles[0] : undef );
}
547
# Flatten this record into { 'permission.can_<name>' => <result> }, one key
# per known permission, where the value is whatever the matching can_<name>
# method returns for this record.
sub to_hash {
    my ($self) = @_;
    my %flags;    # $perms->SUPER::to_hash(@_) is deliberately not used
    for my $entry ( @{ MT::Permission->perms() } ) {
        my $method = 'can_' . $entry->[0];
        $flags{"permission.$method"} = $self->$method();
    }
    return \%flags;
}
559
5601;
561__END__
562
563=head1 NAME
564
565MT::Permission - Movable Type permissions record
566
567=head1 SYNOPSIS
568
569    use MT::Permission;
570    my $perms = MT::Permission->load({ blog_id => $blog->id,
571                                       author_id => $author->id })
572        or die "User has no permissions for blog";
573    $perms->can_create_post
574        or die "User cannot publish to blog";
575
576    $perms->can_edit_config(0);
577    $perms->save
578        or die $perms->errstr;
579
580=head1 DESCRIPTION
581
582An I<MT::Permission> object represents the permissions settings for a user
583in a particular blog. Permissions are set on a role basis, and each permission
584is either on or off for a user-blog combination; permissions are stored as
585a bitmask.
586
587Note: The I<MT::Permission> object is not meant to be modified or created
588directly. Permissions should be assigned to users through role associations,
589or through MT::Author's can_xxx methods for system level privileges.
590The I<MT::Permission> object is managed purely by Movable Type, and
591is a flattened view of all the permissions a particular user has for a single
592blog.  Users' system level privileges are also stored in MT::Permission record
593with blog_id = 0.
594
595=head1 USAGE
596
597As a subclass of I<MT::Object>, I<MT::Permission> inherits all of the
598data-management and -storage methods from that class; thus you should look
599at the I<MT::Object> documentation for details about creating a new object,
600loading an existing object, saving an object, etc.
601
602The following methods are unique to the I<MT::Permission> interface. Each of
603these methods, B<except> for I<set_full_permissions>, can be called with an
604optional argument to turn the permission on or off. If the argument is some
605true value, the permission is enabled; otherwise, the permission is disabled.
606If no argument is provided at all, the existing permission setting is
607returned.
608
609=head2 MT::Permission->perms( [ $set ] )
610
611Returns an array reference containing the list of available permissions. The
612array is a list of permissions, each of which is an array reference with
613the following items:
614
615    [ key, label, set ]
616
617The 'key' element is the value of that permission and is also a unique
618identifier that is used to identify the permission. Declared permissions
619may be tested through a 'can' method that is added to the MT::Permission
620namespace when registering them. So if you register with a 'key' value
621of 'foo', this creates a method 'can_foo', which may be tested for like this:
622
623    my $perm = $app->permissions;
624    if ($perm->can_foo) {
625        $app->foo;
626    }
627
628The 'label' element is a phrase that identifies the permission.
629
630The 'set' element identifies which group or category of permissions the
631permission is associated with. Currently, there are two sets of
632permissions: 'blog' and 'system'.
633
634If you call the perms method with the $set parameter, it will only return
635permissions declared with that 'set' identifier.
636
637=head2 MT::Permission->add_permission( \%perm )
638
639=head2 MT::Permission->add_permission( \@perm )
640
641Both of these methods can be used to register a new permission with
642Movable Type.
643
644Note: It is not advisable to call these methods to register custom permissions
645without having preregistered for one from Six Apart, Ltd. This will
646reserve your permission and allow it to coexist with other plugins and
647future permissions defined by Movable Type itself.
648
649When calling add_permission with a hashref, you should specify these
650elements in the hash:
651
652=over 4
653
654=item * key
655
656=item * label
657
658=item * set
659
660=back
661
662See the 'perms' method documentation for more information on these
663elements.
664
665If calling the add_permission method with an arrayref, you should
666specify the elements of the array in the same order as given by
667the 'perms' method. You may only register one permission per call
668to the add_permission method.
669
670=head2 $perms->set_full_permissions()
671
672Turns on all blog-level permissions.
673
674=head2 $perms->clear_full_permissions()
675
676Turns off all permissions.
677
678=head2 $perms->set_permissions($set)
679
680Sets all permissions identified by the group C<$set> (use '*' to include
681all permissions regardless of grouping).
682
683=head2 $perms->clear_permissions($set)
684
685Clears all permissions identified by the group C<$set> (use '*' to include
686all permissions regardless of grouping).
687
688=head2 $perms->add_permissions($more_perms)
689
690Adds C<$more_perms> to C<$perms>.
691
692=head2 $perms->set_these_permissions(@permission_names)
693
694Adds permissions (enabling them) to the existing permission object.
695
696    $perms->set_these_permissions('view_blog_log', 'create_post');
697
698=head2 MT::Permission->rebuild($assoc)
699
700Rebuilds permission objects affected by the given L<MT::Association> object.
701
702=head2 $perms->rebuild()
703
704Rebuilds the single permission object based on the user/group/role/blog
705relationships that can be found for the author and blog tied to the
706permission.
707
708=head2 $perms->has($permission_name)
709
710Returns true or false depending only on whether the bit identified by
711C<$permission_name> is set in this permission object.
712
713=head2 $perms->can_administer_blog
714
715Returns true if the user can administer the blog. This is a blog-level
716"superuser" capability.
717
718=head2 $perms->can_create_post
719
720Returns true if the user can post to the blog, and edit the entries that
721he/she has posted; false otherwise.
722
723=head2 $perms->can_publish_post
724
725Returns true if the user can publish his/her post; false otherwise.
726
727=head2 $perms->can_post
728
729(Backward compatibility API) Returns true if the user can post to the blog,
730and edit the entries that he/she has posted and publish the post; false otherwise.
731
732=head2 $perms->can_upload
733
734Returns true if the user can upload files to the blog directories specified
735for this blog, false otherwise.
736
737=head2 $perms->can_edit_all_posts
738
739Returns true if the user can edit B<all> entries posted to this blog (even
740entries that he/she did not write), false otherwise.
741
742=head2 $perms->can_edit_templates
743
744Returns true if the user can edit the blog's templates, false otherwise.
745
746=head2 $perms->can_send_notifications
747
748Returns true if the user can send messages to the notification list, false
749otherwise.
750
751=head2 $perms->can_edit_categories
752
753Returns true if the user can edit the categories defined for the blog, false
754otherwise.
755
756=head2 $perms->can_edit_tags
757
758Returns true if the user can edit the tags defined for the blog, false
759otherwise.
760
761=head2 $perms->can_edit_notifications
762
763Returns true if the user can edit the notification list for the blog, false
764otherwise.
765
766=head2 $perms->can_view_blog_log
767
768Returns true if the user can view the activity log for the blog, false
769otherwise.
770
771=head2 $perms->can_rebuild
772
773Returns true if the user can rebuild the blog, false otherwise.
774
775=head2 $perms->can_edit_config
776
777Returns true if the user can edit the blog configuration, false otherwise.
778
779(Backward compatibility warning) can_edit_config no longer means the user
780can set and modify publishing paths (site_path, site_url, archive_path and
781archive_url) for the weblog.  Use can_set_publish_paths.
782
783=head2 $perms->can_set_publish_paths
784
785Returns true if the user can set publishing paths, false otherwise.
786
787=head2 $perms->can_edit_authors()
788
789Returns true if the 'administer_blog' permission is set or the associated
790author has superuser rights.
791
792=head2 $perms->can_edit_entry($entry, $author)
793
794Returns true if the C<$author> has rights to edit entry C<$entry>. This
795is always true if C<$author> is a superuser or can edit all posts or
796is a blog administrator for the blog that contains the entry. Otherwise,
797it returns true if the author has permission to post and the entry was
798authored by that author, false otherwise.
799
800The C<$entry> parameter can either be a I<MT::Entry> object or an entry id.
801
802=head2 $perms->can_manage_feedback
803
804Returns true if the C<$author> has rights to manage feedbacks (comments
805and trackbacks) as well as IP ban list.
806
807=head2 $perms->can_view_feedback
808
809TODO Returns true if permission indicates the user can list comments and trackbacks.
810
811=head2 $perms->can_administer
812
813Returns true if the user in question is a system administrator, false otherwise.
814
815=head2 $perms->can_view_log
816
817Returns true if the user can view system level activity log, false otherwise.
818
819=head2 $perms->can_create_blog
820
821Returns true if the user can create a new weblog, false otherwise.
822
823=head2 $perms->can_manage_plugins
824
825Returns true if the user can enable/disable, and configure plugins in system level,
826false otherwise.
827
828=head2 $perms->can_not_comment
829
830Returns true if the user has been banned from commenting on the blog.
831This permission is used for authenticated commenters.
832
833=head2 $perms->can_comment
834
835Returns true if the user has been approved for commenting on the blog.
836This permission is used for authenticated commenters.
837
838=head2 $perms->blog
839
840Returns the I<MT::Blog> object for this permission object.
841
842=head2 $perms->user
843
844=head2 $perms->author
845
846Returns the I<MT::Author> object for this permission object. The C<author>
847method is deprecated in favor of C<user>.
848
849=head2 $perms->to_hash
850
851Returns a hashref that represents the contents of the permission object.
852Elements are in the form of (enabled permissions are set, disabled
853permissions are set to 0):
854
855    { 'permission.can_edit_templates' => 16,
856      'permission.can_rebuild' => 0,
857      # ....
858      'permission.can_create_post' => 2 }
859
860=head2 $class->load_same($terms, $args, $exact, @list)
861
862Returns an array or an object depending on context, of permission records
863which have specified list of permissions.  If $exact is set to True, permission
864records which have exact match to the list are returned.  $terms and $args
865can be used to further narrow down results.
866
867=head1 DATA ACCESS METHODS
868
869The I<MT::Comment> object holds the following pieces of data. These fields can
870be accessed and set using the standard data access methods described in the
871I<MT::Object> documentation.
872
873=over 4
874
875=item * id
876
877The numeric ID of this permissions record.
878
879=item * author_id
880
881The numeric ID of the user associated with this permissions record.
882
883=item * blog_id
884
885The numeric ID of the blog associated with this permissions record.
886
887=item * role_mask
888
889=item * role_mask2
890
891=item * role_mask3
892
893=item * role_mask4
894
895These bitmask fields are deprecated in favor of text based permissions
896column.
897
898=item * permissions
899
900Permissions are stored in this column like 'Perm1','Perm_2','Pe_rm_3'.
901
902=item * entry_prefs
903
904The setting of display fields of "edit entry" page.  The value
905at author_id 0 means default setting of a blog.
906
907=item * template_prefs
908
909The setting of display  "edit template" page.  The value
910at author_id 0 means default setting of a blog.
911
912=back
913
914=head1 DATA LOOKUP
915
916In addition to numeric ID lookup, you can look up or sort records by any
917combination of the following fields. See the I<load> documentation in
918I<MT::Object> for more information.
919
920=over 4
921
922=item * blog_id
923
924=item * author_id
925
926=back
927
928=head1 AUTHOR & COPYRIGHTS
929
930Please see the I<MT> manpage for user, copyright, and license information.
931
932=cut