/products/photocrati_nextgen/modules/security/package.module.security.php

  1. <?php 
  2. /** 
  3.  * Class A_Security_Factory 
  4.  * @mixin C_Component_Factory 
  5.  * @adapts I_Component_Factory 
  6.  */ 
  7. class A_Security_Factory extends Mixin 
  9.   function wordpress_security_manager($context = FALSE) 
  11.       return new C_WordPress_Security_Manager($context); 
  13.   function security_manager($context = FALSE) 
  15.       return $this->object->wordpress_security_manager($context); 
  17.   function wordpress_security_actor($context = FALSE) 
  19.       return new C_WordPress_Security_Actor($context); 
  21.   function wordpress_security_token($context = FALSE) 
  23.       return new C_Wordpress_Security_Token($context); 
  25.   function security_token($context) 
  27.       return $this->object->wordpress_security_token($context); 
  30. class Mixin_Security_Actor extends Mixin 
  32.   function add_capability($capability_name) 
  34.       return false; 
  36.   function remove_capability($capability_name) 
  38.       return false; 
  40.   function is_allowed($capability_name, $args = null) 
  42.       return false; 
  44.   function is_user() 
  46.       return false; 
  49. class Mixin_Security_Actor_Entity extends Mixin 
  51.   var $entity_object = null; 
  52.   var $entity_props = null; 
  53.   // Note, an Actor with null $entity is considered a "Guest", i.e. no privileges 
  54.   function set_entity($entity, $entity_props = null) 
  56.       $this->object->entity_object = $entity; 
  57.       $this->object->entity_props = $entity_props; 
  59.   function get_entity($entity = null) 
  61.       if ($entity == null) { 
  62.           $entity = $this->object->entity_object; 
  64.       if ($entity != null && $entity == $this->object->entity_object) { 
  65.           return $entity; 
  67.       return null; 
  69.   function get_entity_id($entity = null) 
  71.       $entity = $this->object->get_entity($entity); 
  72.       if ($entity != null) { 
  73.           $entity_props = $this->object->entity_props; 
  74.           if (isset($entity_props['id'])) { 
  75.               return $entity_props['id']; 
  78.       return null; 
  80.   function get_entity_type($entity = null) 
  82.       $entity = $this->object->get_entity($entity); 
  83.       if ($entity != null) { 
  84.           $entity_props = $this->object->entity_props; 
  85.           if (isset($entity_props['type'])) { 
  86.               return $entity_props['type']; 
  89.       return null; 
  92. // XXX not used yet 
  93. class Mixin_Security_Entity_List extends Mixin 
  95.   var $_entity_list; 
  96.   function add_entity($entity, $entity_props = null) 
  98.       if (!$this->object->is_entity($entity)) { 
  99.           $entity_props = array_merge((array) $entity_props, array('object' => $entity)); 
  100.           $this->object->_entity_list[] = $entity_props; 
  103.   function remove_entity($entity) 
  105.       if ($this->object->is_entity($entity)) { 
  108.   function is_entity($entity) 
  110.       return $this->object->get_entity_set($entity); 
  112.   function get_entity_set($entity) 
  114.       foreach ($this->_entity_list as $entity_set) { 
  117.   function get_entity_id($entity) 
  120.   function get_entity_type($entity) 
  124. /** 
  125.  * Class C_Security_Actor 
  126.  * @mixin Mixin_Security_Actor 
  127.  * @mixin Mixin_Security_Actor_Entity 
  128.  * @implements I_Security_Actor 
  129.  */ 
  130. class C_Security_Actor extends C_Component 
  132.   function define($context = FALSE) 
  134.       parent::define($context); 
  135.       $this->implement('I_Security_Actor'); 
  136.       $this->add_mixin('Mixin_Security_Actor'); 
  137.       $this->add_mixin('Mixin_Security_Actor_Entity'); 
  140. class Mixin_Security_Manager extends Mixin 
  142.   function is_allowed($capability_name, $args = null) 
  144.       $actor = $this->object->get_current_actor(); 
  145.       if ($actor != null) { 
  146.           return $actor->is_allowed($capability_name, $args); 
  148.       return false; 
  150.   function get_actor($actor_id, $actor_type = null, $args = null) 
  152.       return null; 
  154.   function get_current_actor() 
  156.       return null; 
  159. class Mixin_Security_Manager_Request extends Mixin 
  161.   function get_request_token($action_name, $args = null) 
  163.       return null; 
  166. /** 
  167.  * Class C_Security_Manager 
  168.  * @mixin Mixin_Security_Manager 
  169.  * @mixin Mixin_Security_Manager_Request 
  170.  * @implements I_Security_Manager 
  171.  */ 
  172. class C_Security_Manager extends C_Component 
  174.   static $_instances = array(); 
  175.   function define($context = FALSE) 
  177.       parent::define($context); 
  178.       $this->implement('I_Security_Manager'); 
  179.       $this->add_mixin('Mixin_Security_Manager'); 
  180.       $this->add_mixin('Mixin_Security_Manager_Request'); 
  182.   static function get_instance($context = False) 
  184.       if (!isset(self::$_instances[$context])) { 
  185.           self::$_instances[$context] = new C_Security_Manager($context); 
  187.       return self::$_instances[$context]; 
  190. class Mixin_Security_Token extends Mixin 
  192.   function get_request_list($args = null) 
  194.       return array(); 
  196.   function get_form_html($args = null) 
  198.       return null; 
  200.   function check_request($request_values) 
  202.       return false; 
  204.   function check_current_request() 
  206.       return $this->object->check_request($_REQUEST); 
  209. class Mixin_Security_Token_Property extends Mixin 
  211.   var $_action_name; 
  212.   var $_args; 
  213.   function init_token($action_name, $args = null) 
  215.       $this->object->_action_name = $action_name; 
  216.       $this->object->_args = $args; 
  218.   function get_action_name() 
  220.       return $this->object->_action_name; 
  222.   function get_property($name) 
  224.       if (isset($this->object->_args[$name])) { 
  225.           return $this->object->_args[$name]; 
  227.       return null; 
  229.   function get_property_list() 
  231.       return array_keys((array) $this->object->_args); 
  234. /** 
  235.  * Class C_Security_Token 
  236.  * @mixin Mixin_Security_Token 
  237.  * @mixin Mixin_Security_Token_Property 
  238.  * @implements I_Security_Token 
  239.  */ 
  240. class C_Security_Token extends C_Component 
  242.   function define($context = FALSE) 
  244.       parent::define($context); 
  245.       $this->implement('I_Security_Token'); 
  246.       $this->add_mixin('Mixin_Security_Token'); 
  247.       $this->add_mixin('Mixin_Security_Token_Property'); 
  250. class Mixin_WordPress_Security_Actor extends Mixin 
  252.   function add_capability($capability_name) 
  254.       $entity = $this->object->get_entity(); 
  255.       if ($entity != null) { 
  256.           $capability_name = $this->object->get_native_action($capability_name); 
  257.           $entity->add_cap($capability_name); 
  258.           return true; 
  260.       return false; 
  262.   function remove_capability($capability_name) 
  264.       $entity = $this->object->get_entity(); 
  265.       if ($entity != null && $this->object->is_allowed($capability_name)) { 
  266.           $capability_name = $this->object->get_native_action($capability_name); 
  267.           $entity->remove_cap($capability_name); 
  268.           return true; 
  270.       return false; 
  272.   function is_allowed($capability_name, $args = null) 
  274.       $entity = $this->object->get_entity(); 
  275.       if ($entity != null) { 
  276.           $capability_name = $this->object->get_native_action($capability_name, $args); 
  277.           return $entity->has_cap($capability_name); 
  279.       return false; 
  281.   function is_user() 
  283.       return $this->object->get_entity_type() == 'user'; 
  285.   function get_native_action($capability_name, $args = null) 
  287.       return $capability_name; 
  290. class Mixin_WordPress_Security_Action_Converter extends Mixin 
  292.   function get_native_action($capability_name, $args = null) 
  294.       switch ($capability_name) { 
  295.           case 'nextgen_edit_settings': 
  296.               $capability_name = 'NextGEN Change options'; 
  297.               break; 
  298.           case 'nextgen_edit_style': 
  299.               $capability_name = 'NextGEN Change style'; 
  300.               break; 
  301.           case 'nextgen_edit_display_settings': 
  302.               $capability_name = 'NextGEN Change options'; 
  303.               break; 
  304.           case 'nextgen_edit_displayed_gallery': 
  305.               $capability_name = 'NextGEN Attach Interface'; 
  306.               break; 
  307.           case 'nextgen_edit_gallery': 
  308.               $capability_name = 'NextGEN Manage gallery'; 
  309.               break; 
  310.           case 'nextgen_edit_gallery_unowned': 
  311.               $capability_name = 'NextGEN Manage others gallery'; 
  312.               break; 
  313.           case 'nextgen_upload_image': 
  314.               $capability_name = 'NextGEN Upload images'; 
  315.               break; 
  316.           case 'nextgen_edit_album_settings': 
  317.               $capability_name = 'NextGEN Edit album settings'; 
  318.               break; 
  319.           case 'nextgen_edit_album': 
  320.               $capability_name = 'NextGEN Edit album'; 
  321.               break; 
  323.       return $capability_name; 
  326. /** 
  327.  * Class C_WordPress_Security_Actor 
  328.  * @mixin Mixin_WordPress_Security_Actor 
  329.  * @mixin Mixin_WordPress_Security_Action_Converter 
  330.  */ 
  331. class C_WordPress_Security_Actor extends C_Security_Actor 
  333.   function define($context = FALSE) 
  335.       parent::define($context); 
  336.       $this->add_mixin('Mixin_WordPress_Security_Actor'); 
  337.       $this->add_mixin('Mixin_WordPress_Security_Action_Converter'); 
  340. class Mixin_WordPress_Security_Manager extends Mixin 
  342.   function get_actor($actor_id, $actor_type = null, $args = null) 
  344.       if ($actor_type == null) { 
  345.           $actor_type = 'user'; 
  347.       $object = null; 
  348.       if ($actor_id != null) { 
  349.           switch ($actor_type) { 
  350.               case 'user': 
  351.                   $object = get_userdata($actor_id); 
  352.                   if ($object == false) { 
  353.                       $object = null; 
  355.                   break; 
  356.               case 'role': 
  357.                   $object = get_role($actor_id); 
  358.                   if ($object == false) { 
  359.                       $object = null; 
  361.                   break; 
  364.       if ($object != null) { 
  365.           $factory = C_Component_Factory::get_instance(); 
  366.           $actor = $factory->create('wordpress_security_actor', $actor_type); 
  367.           $entity_props = array('type' => $actor_type, 'id' => $actor_id); 
  368.           $actor->set_entity($object, $entity_props); 
  369.           return $actor; 
  371.       return $this->object->get_guest_actor(); 
  373.   function get_current_actor() 
  375.       // If the current_user has an id of 0, then perhaps something went wrong 
  376.       // with trying to parse the cookie. In that case, we'll force WordPress to try 
  377.       // again 
  378.       global $current_user; 
  379.       if ($current_user->ID == 0) { 
  380.           if (isset($GLOBALS['HTTP_COOKIE_VARS']) && isset($GLOBALS['_COOKIE'])) { 
  381.               $current_user = NULL; 
  382.               foreach ($GLOBALS['HTTP_COOKIE_VARS'] as $key => $value) { 
  383.                   if (!isset($_COOKIE[$key])) { 
  384.                       $_COOKIE[$key] = $value; 
  389.       return $this->object->get_actor(get_current_user_id(), 'user'); 
  391.   function get_guest_actor() 
  393.       $factory = C_Component_Factory::get_instance(); 
  394.       $actor = $factory->create('wordpress_security_actor', 'user'); 
  395.       $entity_props = array('type' => 'user'); 
  396.       $actor->set_entity(null, $entity_props); 
  397.       return $actor; 
  400. class Mixin_WordPress_Security_Manager_Request extends Mixin 
  402.   function get_request_token($action_name, $args = null) 
  404.       $factory = C_Component_Factory::get_instance(); 
  405.       $token = $factory->create('wordpress_security_token'); 
  406.       $token->init_token($action_name, $args); 
  407.       return $token; 
  410. /** 
  411.  * Class C_WordPress_Security_Manager 
  412.  * @mixin Mixin_WordPress_Security_Manager 
  413.  * @mixin Mixin_WordPress_Security_Manager_Request 
  414.  */ 
  415. class C_WordPress_Security_Manager extends C_Security_Manager 
  417.   static $_instances = array(); 
  418.   function define($context = FALSE) 
  420.       parent::define($context); 
  421.       $this->add_mixin('Mixin_WordPress_Security_Manager'); 
  422.       $this->add_mixin('Mixin_WordPress_Security_Manager_Request'); 
  424.   static function get_instance($context = False) 
  426.       if (!isset(self::$_instances[$context])) { 
  427.           $klass = get_class(); 
  428.           self::$_instances[$context] = new $klass($context); 
  430.       return self::$_instances[$context]; 
  433. class Mixin_Wordpress_Security_Token extends Mixin 
  435.   function get_request_list($args = null) 
  437.       $prefix = isset($args['prefix']) ? $args['prefix'] : null; 
  438.       $action_name = $this->object->get_action_name(); 
  439.       $list = array(); 
  440.       if ($prefix != null) { 
  441.           $list[$action_name . '_prefix'] = $prefix; 
  443.       $action = $this->object->get_nonce_name(); 
  444.       $list[$prefix . $action_name . '_sec'] = wp_create_nonce($action); 
  445.       return $list; 
  447.   function get_form_html($args = null) 
  449.       $list = $this->object->get_request_list($args); 
  450.       $out = null; 
  451.       foreach ($list as $name => $value) { 
  452.           $out .= '<input type="hidden" name="' . esc_attr($name) . '" value="' . esc_attr($value) . '" />'; 
  454.       return $out; 
  456.   function get_json($args = null) 
  458.       $list = $this->object->get_request_list($args); 
  459.       return json_encode($list); 
  461.   function check_request($request_values) 
  463.       $action_name = $this->object->get_action_name(); 
  464.       $action = $this->object->get_nonce_name(); 
  465.       $prefix = isset($request_values[$action_name . '_prefix']) ? $request_values[$action_name . '_prefix'] : null; 
  466.       if (isset($request_values[$prefix . $action_name . '_sec'])) { 
  467.           $nonce = $request_values[$prefix . $action_name . '_sec']; 
  468.           $result = wp_verify_nonce($nonce, $action); 
  469.           if ($result) { 
  470.               return true; 
  473.       return false; 
  475.   function get_nonce_name() 
  477.       $action_name = $this->object->get_action_name(); 
  478.       $prop_list = $this->object->get_property_list(); 
  479.       $action = $action_name; 
  480.       foreach ($prop_list as $prop_name) { 
  481.           $property = $this->object->get_property($prop_name); 
  482.           $action .= '_' . strval($property); 
  484.       return $action; 
  487. class Mixin_Wordpress_Security_Token_MVC extends Mixin 
  489.   function check_request($request_values) 
  491.       // XXX check URL parameters passed with the MVC module 
  492.       // 
  493.       return $this->call_parent('check_request', $request_values); 
  496. /** 
  497.  * Class C_Wordpress_Security_Token 
  498.  * @mixin Mixin_Wordpress_Security_Token 
  499.  * @mixin Mixin_Wordpress_Security_Token_MVC 
  500.  */ 
  501. class C_Wordpress_Security_Token extends C_Security_Token 
  503.   function define($context = FALSE) 
  505.       parent::define($context); 
  506.       $this->add_mixin('Mixin_Wordpress_Security_Token'); 
  507.       $this->add_mixin('Mixin_Wordpress_Security_Token_MVC'); 
.