/products/photocrati_nextgen/modules/security/package.module.security.php

  1. <?php 
  /**
   * Class A_Security_Factory
   *
   * Factory adapter exposing constructors for the security components.
   * The generic entry points (security_manager, security_token) delegate to
   * the WordPress-specific builders, so both names yield the WordPress
   * implementation.
   *
   * @mixin C_Component_Factory
   * @adapts I_Component_Factory
   */
  class A_Security_Factory extends Mixin
  {
      /**
       * Builds a new WordPress security manager.
       *
       * A fresh object is created on every call; the cache kept by
       * C_WordPress_Security_Manager::get_instance() is not consulted here.
       *
       * @param mixed $context Forwarded unchanged to the constructor.
       * @return C_WordPress_Security_Manager
       */
      public function wordpress_security_manager($context = false)
      {
          $manager = new C_WordPress_Security_Manager($context);

          return $manager;
      }

      /**
       * Generic alias for wordpress_security_manager().
       *
       * @param mixed $context Forwarded unchanged.
       * @return C_WordPress_Security_Manager
       */
      public function security_manager($context = false)
      {
          $manager = $this->object->wordpress_security_manager($context);

          return $manager;
      }

      /**
       * Builds a new WordPress security actor.
       *
       * @param mixed $context Forwarded unchanged to the constructor.
       * @return C_WordPress_Security_Actor
       */
      public function wordpress_security_actor($context = false)
      {
          $actor = new C_WordPress_Security_Actor($context);

          return $actor;
      }

      /**
       * Builds a new WordPress security token (nonce wrapper).
       *
       * @param mixed $context Forwarded unchanged to the constructor.
       * @return C_Wordpress_Security_Token
       */
      public function wordpress_security_token($context = false)
      {
          $token = new C_Wordpress_Security_Token($context);

          return $token;
      }

      /**
       * Generic alias for wordpress_security_token().
       *
       * Unlike the other builders, $context has no default here.
       *
       * @param mixed $context Forwarded unchanged.
       * @return C_Wordpress_Security_Token
       */
      public function security_token($context)
      {
          $token = $this->object->wordpress_security_token($context);

          return $token;
      }
  }
  /**
   * Baseline actor behaviour: every operation is refused.
   *
   * These defaults are fail-closed. An actor that is not backed by a concrete
   * implementation can neither gain nor lose capabilities, is never allowed
   * anything, and is not reported as a user.
   */
  class Mixin_Security_Actor extends Mixin
  {
      /**
       * @param string $capability_name Capability to grant (ignored).
       * @return bool Always false: nothing is granted.
       */
      public function add_capability($capability_name)
      {
          return false;
      }

      /**
       * @param string $capability_name Capability to revoke (ignored).
       * @return bool Always false: nothing is revoked.
       */
      public function remove_capability($capability_name)
      {
          return false;
      }

      /**
       * @param string $capability_name Capability being checked (ignored).
       * @param mixed  $args            Extra check arguments (ignored).
       * @return bool Always false: access is denied by default.
       */
      public function is_allowed($capability_name, $args = null)
      {
          return false;
      }

      /**
       * @return bool Always false for the baseline actor.
       */
      public function is_user()
      {
          return false;
      }
  }
  /**
   * Binds an actor to the underlying entity it represents, plus a small
   * property array describing it (the code reads the 'id' and 'type' keys).
   */
  class Mixin_Security_Actor_Entity extends Mixin
  {
      // The wrapped entity; null means the actor is a guest.
      public $entity_object = null;
      // Descriptive properties stored alongside the entity.
      public $entity_props = null;

      /**
       * Stores the entity and its properties on the actor.
       *
       * Note: an actor whose entity is null is considered a "Guest",
       * i.e. it has no privileges.
       *
       * @param mixed      $entity       Entity to wrap, or null for a guest.
       * @param array|null $entity_props Properties describing the entity.
       */
      public function set_entity($entity, $entity_props = null)
      {
          $actor = $this->object;
          $actor->entity_object = $entity;
          $actor->entity_props = $entity_props;
      }

      /**
       * Returns the stored entity, or confirms that $entity is the stored one.
       *
       * @param mixed $entity Candidate entity; when empty the stored one is used.
       * @return mixed The entity when it matches the stored one, otherwise null.
       */
      public function get_entity($entity = null)
      {
          $stored = $this->object->entity_object;
          $candidate = ($entity == null) ? $stored : $entity;

          // NOTE(review): both tests are loose (==). For two objects that means
          // "same class and equal property values", not "same instance", so a
          // separately built look-alike object is accepted as the stored entity.
          // Confirm that this is the intended notion of identity.
          if ($candidate == null || $candidate != $stored) {
              return null;
          }

          return $candidate;
      }

      /**
       * Returns the 'id' property of the entity.
       *
       * @param mixed $entity Optional candidate, validated through get_entity().
       * @return mixed The id, or null for a guest or when no id was recorded.
       */
      public function get_entity_id($entity = null)
      {
          $resolved = $this->object->get_entity($entity);
          if ($resolved == null) {
              return null;
          }

          $props = $this->object->entity_props;

          return isset($props['id']) ? $props['id'] : null;
      }

      /**
       * Returns the 'type' property of the entity.
       *
       * @param mixed $entity Optional candidate, validated through get_entity().
       * @return mixed The type, or null when the entity is null or no type was
       *               recorded. A guest therefore reports no type even if one
       *               was stored in the properties.
       */
      public function get_entity_type($entity = null)
      {
          $resolved = $this->object->get_entity($entity);
          if ($resolved == null) {
              return null;
          }

          $props = $this->object->entity_props;

          return isset($props['type']) ? $props['type'] : null;
      }
  }
  // XXX not used yet
  /**
   * Unfinished container for several entities.
   *
   * Only add_entity() contains statements in this listing; the remaining
   * methods are empty shells. Because get_entity_set() returns nothing,
   * is_entity() is never truthy and add_entity() appends on every call.
   */
  class Mixin_Security_Entity_List extends Mixin
  {
      // List of property arrays, each carrying the entity under the 'object' key.
      var $_entity_list;

      /**
       * Appends an entity unless is_entity() reports it as already present.
       *
       * @param mixed      $entity       Entity to store.
       * @param array|null $entity_props Extra properties merged with the entity.
       */
      function add_entity($entity, $entity_props = null)
      {
          if (!$this->object->is_entity($entity)) {
              // The entity itself is stored under the 'object' key.
              $entity_props = array_merge((array) $entity_props, array('object' => $entity));
              $this->object->_entity_list[] = $entity_props;
          }
      }

      /**
       * Placeholder: the listing shows no statements inside the branch.
       *
       * @param mixed $entity Entity to remove.
       */
      function remove_entity($entity)
      {
          if ($this->object->is_entity($entity)) {
          }
      }

      /**
       * @param mixed $entity Entity to look for.
       * @return mixed Whatever get_entity_set() returns.
       */
      function is_entity($entity)
      {
          return $this->object->get_entity_set($entity);
      }

      /**
       * Placeholder: iterates the list but the loop body is empty in this listing.
       *
       * NOTE(review): $_entity_list has no initial value, so the loop runs over
       * null until add_entity() has been called at least once.
       *
       * @param mixed $entity Entity to look for.
       */
      function get_entity_set($entity)
      {
          foreach ($this->_entity_list as $entity_set) {
          }
      }

      /**
       * Placeholder with no body in this listing.
       *
       * @param mixed $entity
       */
      function get_entity_id($entity)
      {
      }

      /**
       * Placeholder with no body in this listing.
       *
       * @param mixed $entity
       */
      function get_entity_type($entity)
      {
      }
  }
  /**
   * Class C_Security_Actor
   *
   * Generic actor component assembled from the deny-by-default behaviour and
   * the entity binding.
   *
   * @mixin Mixin_Security_Actor
   * @mixin Mixin_Security_Actor_Entity
   * @implements I_Security_Actor
   */
  class C_Security_Actor extends C_Component
  {
      /**
       * Declares the interface and registers the actor mixins.
       *
       * @param mixed $context Forwarded to the parent definition.
       */
      public function define($context = false)
      {
          parent::define($context);
          $this->implement('I_Security_Actor');

          // Registration order is kept exactly as in the original.
          $mixin_names = array('Mixin_Security_Actor', 'Mixin_Security_Actor_Entity');
          foreach ($mixin_names as $mixin_name) {
              $this->add_mixin($mixin_name);
          }
      }
  }
  /**
   * Baseline security manager: knows no actors, so every check is refused.
   */
  class Mixin_Security_Manager extends Mixin
  {
      /**
       * Asks the current actor whether a capability is allowed.
       *
       * @param string $capability_name Capability being checked.
       * @param mixed  $args            Extra arguments passed to the actor.
       * @return mixed The actor's answer, or false when there is no current actor.
       */
      public function is_allowed($capability_name, $args = null)
      {
          $current = $this->object->get_current_actor();

          // Fail closed: no actor means no access.
          if ($current == null) {
              return false;
          }

          return $current->is_allowed($capability_name, $args);
      }

      /**
       * @param mixed $actor_id   Identifier of the actor (ignored here).
       * @param mixed $actor_type Kind of actor (ignored here).
       * @param mixed $args       Extra arguments (ignored here).
       * @return null Always null in the baseline manager.
       */
      public function get_actor($actor_id, $actor_type = null, $args = null)
      {
          return null;
      }

      /**
       * @return null Always null in the baseline manager.
       */
      public function get_current_actor()
      {
          return null;
      }
  }
  /**
   * Baseline request-token support: no token is issued.
   */
  class Mixin_Security_Manager_Request extends Mixin
  {
      /**
       * @param string $action_name Action the token would protect (ignored).
       * @param mixed  $args        Extra token arguments (ignored).
       * @return null Always null in the baseline manager.
       */
      public function get_request_token($action_name, $args = null)
      {
          return null;
      }
  }
  /**
   * Class C_Security_Manager
   *
   * Generic security manager component with a per-context instance cache.
   *
   * @mixin Mixin_Security_Manager
   * @mixin Mixin_Security_Manager_Request
   * @implements I_Security_Manager
   */
  class C_Security_Manager extends C_Component
  {
      // Cache of managers, keyed by context.
      public static $_instances = array();

      /**
       * Declares the interface and registers the manager mixins.
       *
       * @param mixed $context Forwarded to the parent definition.
       */
      public function define($context = false)
      {
          parent::define($context);
          $this->implement('I_Security_Manager');

          // Registration order is kept exactly as in the original.
          $mixin_names = array('Mixin_Security_Manager', 'Mixin_Security_Manager_Request');
          foreach ($mixin_names as $mixin_name) {
              $this->add_mixin($mixin_name);
          }
      }

      /**
       * Returns the cached manager for a context, creating it on first use.
       *
       * The class name is hard-coded, so this always builds a
       * C_Security_Manager.
       *
       * @param mixed $context Cache key, also passed to the constructor.
       * @return C_Security_Manager
       */
      public static function get_instance($context = false)
      {
          if (isset(self::$_instances[$context])) {
              return self::$_instances[$context];
          }

          $manager = new C_Security_Manager($context);
          self::$_instances[$context] = $manager;

          return $manager;
      }
  }
  /**
   * Baseline request token: issues nothing and rejects every request.
   */
  class Mixin_Security_Token extends Mixin
  {
      /**
       * @param mixed $args Token arguments (ignored).
       * @return array Always empty in the baseline token.
       */
      public function get_request_list($args = null)
      {
          $fields = array();

          return $fields;
      }

      /**
       * @param mixed $args Token arguments (ignored).
       * @return null Always null in the baseline token.
       */
      public function get_form_html($args = null)
      {
          return null;
      }

      /**
       * @param array $request_values Request data to validate (ignored).
       * @return bool Always false: the baseline token fails closed.
       */
      public function check_request($request_values)
      {
          return false;
      }

      /**
       * Validates the request currently being served.
       *
       * The values come from $_REQUEST, so a token sent in the query string is
       * treated the same as one sent in a form body; whether cookies are also
       * included depends on the PHP request_order / variables_order settings.
       *
       * @return mixed Result of check_request().
       */
      public function check_current_request()
      {
          $request_values = $_REQUEST;

          return $this->object->check_request($request_values);
      }
  }
  /**
   * Holds the action name and the argument array a token was created for.
   */
  class Mixin_Security_Token_Property extends Mixin
  {
      // Name of the action the token protects.
      public $_action_name;
      // Arguments given when the token was initialised.
      public $_args;

      /**
       * Records the action name and arguments on the token.
       *
       * @param string $action_name Action the token protects.
       * @param mixed  $args        Arguments, read back as an array of properties.
       */
      public function init_token($action_name, $args = null)
      {
          $token = $this->object;
          $token->_action_name = $action_name;
          $token->_args = $args;
      }

      /**
       * @return mixed The action name given to init_token().
       */
      public function get_action_name()
      {
          $action_name = $this->object->_action_name;

          return $action_name;
      }

      /**
       * Looks up one token argument.
       *
       * @param string $name Argument name.
       * @return mixed The value, or null when it is missing or itself null.
       */
      public function get_property($name)
      {
          return isset($this->object->_args[$name]) ? $this->object->_args[$name] : null;
      }

      /**
       * @return array Names of all token arguments (empty when none were given).
       */
      public function get_property_list()
      {
          $args = (array) $this->object->_args;

          return array_keys($args);
      }
  }
  /**
   * Class C_Security_Token
   *
   * Generic request token component: reject-everything checks plus the
   * action/argument storage.
   *
   * @mixin Mixin_Security_Token
   * @mixin Mixin_Security_Token_Property
   * @implements I_Security_Token
   */
  class C_Security_Token extends C_Component
  {
      /**
       * Declares the interface and registers the token mixins.
       *
       * @param mixed $context Forwarded to the parent definition.
       */
      public function define($context = false)
      {
          parent::define($context);
          $this->implement('I_Security_Token');

          // Registration order is kept exactly as in the original.
          $mixin_names = array('Mixin_Security_Token', 'Mixin_Security_Token_Property');
          foreach ($mixin_names as $mixin_name) {
              $this->add_mixin($mixin_name);
          }
      }
  }
  /**
   * Actor backed by a WordPress entity that offers add_cap(), remove_cap()
   * and has_cap().
   *
   * A guest actor (null entity) is refused everything.
   */
  class Mixin_WordPress_Security_Actor extends Mixin
  {
      /**
       * Grants a capability to the wrapped entity.
       *
       * This method does not check who is asking: any code holding the actor
       * can grant any capability, so the caller must authorise the change first.
       *
       * @param string $capability_name Capability name, translated through
       *                                get_native_action() before use.
       * @return bool True when the grant was issued, false for a guest.
       */
      public function add_capability($capability_name)
      {
          $entity = $this->object->get_entity();
          if ($entity == null) {
              return false;
          }

          $native_name = $this->object->get_native_action($capability_name);
          $entity->add_cap($native_name);

          return true;
      }

      /**
       * Revokes a capability from the wrapped entity.
       *
       * The capability is only removed when the entity currently holds it;
       * as with add_capability(), the caller is not authorised here.
       *
       * @param string $capability_name Capability name, translated through
       *                                get_native_action() before use.
       * @return bool True when the revocation was issued, false otherwise.
       */
      public function remove_capability($capability_name)
      {
          $entity = $this->object->get_entity();
          if ($entity == null || !$this->object->is_allowed($capability_name)) {
              return false;
          }

          $native_name = $this->object->get_native_action($capability_name);
          $entity->remove_cap($native_name);

          return true;
      }

      /**
       * Reports whether the wrapped entity holds a capability.
       *
       * @param string $capability_name Capability name to check.
       * @param mixed  $args            Passed to get_native_action() only.
       * @return mixed The result of has_cap(), or false for a guest.
       */
      public function is_allowed($capability_name, $args = null)
      {
          $entity = $this->object->get_entity();
          if ($entity == null) {
              return false;
          }

          $native_name = $this->object->get_native_action($capability_name, $args);

          return $entity->has_cap($native_name);
      }

      /**
       * @return bool True when the entity type is 'user' (loose comparison).
       *              get_entity_type() yields null for a guest, so a guest
       *              is not reported as a user.
       */
      public function is_user()
      {
          $entity_type = $this->object->get_entity_type();

          return $entity_type == 'user';
      }

      /**
       * Default translation: the capability name is used as is.
       *
       * @param string $capability_name Capability name.
       * @param mixed  $args            Unused.
       * @return string The unchanged name.
       */
      public function get_native_action($capability_name, $args = null)
      {
          $native_name = $capability_name;

          return $native_name;
      }
  }
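  /**
   * Translates the plugin's internal capability names into the names used
   * for WordPress capabilities.
   */
  class Mixin_WordPress_Security_Action_Converter extends Mixin
  {
      /**
       * Maps an internal capability name to its WordPress capability.
       *
       * The lookup is an exact string match. The former switch compared
       * loosely, so a non-string value such as boolean true (and integer 0
       * before PHP 8) matched the first case and was turned into the
       * settings capability. Such values are now returned untouched and can
       * never be coerced into a real capability name.
       *
       * @param mixed $capability_name Internal capability name.
       * @param mixed $args            Unused.
       * @return mixed The WordPress capability name, or the input when no
       *               mapping exists.
       */
      function get_native_action($capability_name, $args = null)
      {
          $native_names = array(
              'nextgen_edit_settings' => 'NextGEN Change options',
              'nextgen_edit_style' => 'NextGEN Change style',
              'nextgen_edit_display_settings' => 'NextGEN Change options',
              'nextgen_edit_displayed_gallery' => 'NextGEN Attach Interface',
              'nextgen_edit_gallery' => 'NextGEN Manage gallery',
              'nextgen_edit_gallery_unowned' => 'NextGEN Manage others gallery',
              'nextgen_upload_image' => 'NextGEN Upload images',
              'nextgen_edit_album_settings' => 'NextGEN Edit album settings',
              'nextgen_edit_album' => 'NextGEN Edit album',
          );

          if (is_string($capability_name) && isset($native_names[$capability_name])) {
              return $native_names[$capability_name];
          }

          return $capability_name;
      }
  }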
  /**
   * Class C_WordPress_Security_Actor
   *
   * Actor component for WordPress: capability checks against the wrapped
   * entity plus translation of internal capability names.
   *
   * @mixin Mixin_WordPress_Security_Actor
   * @mixin Mixin_WordPress_Security_Action_Converter
   */
  class C_WordPress_Security_Actor extends C_Security_Actor
  {
      /**
       * Registers the WordPress actor mixins on top of the generic ones.
       *
       * Both mixins define get_native_action(); which one answers depends on
       * how the component framework resolves duplicates, so the registration
       * order is kept exactly as in the original.
       *
       * @param mixed $context Forwarded to the parent definition.
       */
      public function define($context = false)
      {
          parent::define($context);

          $mixin_names = array(
              'Mixin_WordPress_Security_Actor',
              'Mixin_WordPress_Security_Action_Converter',
          );
          foreach ($mixin_names as $mixin_name) {
              $this->add_mixin($mixin_name);
          }
      }
  }
  /**
   * Resolves WordPress users and roles into security actors.
   *
   * Anything that cannot be resolved becomes a guest actor, which has a null
   * entity and is therefore refused every capability check.
   */
  class Mixin_WordPress_Security_Manager extends Mixin
  {
      /**
       * Builds an actor for a user id or a role name.
       *
       * @param mixed $actor_id   User id or role name. The test is loose, so
       *                          null, 0 and an empty string all mean "no id".
       * @param mixed $actor_type 'user' (default) or 'role'. Any other value
       *                          matches no case and yields the guest actor.
       * @param mixed $args       Unused.
       * @return mixed An actor wrapping the entity, or the guest actor.
       */
      function get_actor($actor_id, $actor_type = null, $args = null)
      {
          if ($actor_type == null) {
              $actor_type = 'user';
          }
          $object = null;
          if ($actor_id != null) {
              switch ($actor_type) {
                  case 'user':
                      $object = get_userdata($actor_id);
                      // A failed lookup is normalised to null.
                      if ($object == false) {
                          $object = null;
                      }
                      break;
                  case 'role':
                      $object = get_role($actor_id);
                      // A failed lookup is normalised to null.
                      if ($object == false) {
                          $object = null;
                      }
                      break;
              }
          }
          if ($object != null) {
              $factory = C_Component_Factory::get_instance();
              $actor = $factory->create('wordpress_security_actor', $actor_type);
              $entity_props = array('type' => $actor_type, 'id' => $actor_id);
              $actor->set_entity($object, $entity_props);
              return $actor;
          }
          // Fail closed: unknown id, unknown type or failed lookup.
          return $this->object->get_guest_actor();
      }

      /**
       * Returns the actor for the user of the current request.
       *
       * get_current_user_id() yields 0 for a visitor who is not logged in,
       * which get_actor() turns into the guest actor.
       *
       * @return mixed Actor for the current user, or the guest actor.
       */
      function get_current_actor()
      {
          // If the current_user has an id of 0, then perhaps something went wrong
          // with trying to parse the cookie. In that case, we'll force WordPress to try
          // again
          global $current_user;
          // NOTE(review): this reads ->ID without checking that $current_user is
          // an object; confirm the global is always populated before this runs.
          if ($current_user->ID == 0) {
              // NOTE(review): HTTP_COOKIE_VARS is a legacy array that current PHP
              // versions no longer fill in, so this branch only runs when other
              // code sets it.
              if (isset($GLOBALS['HTTP_COOKIE_VARS']) && isset($GLOBALS['_COOKIE'])) {
                  $current_user = NULL;
                  // Only missing cookie names are copied; existing $_COOKIE
                  // entries are never overwritten.
                  foreach ($GLOBALS['HTTP_COOKIE_VARS'] as $key => $value) {
                      if (!isset($_COOKIE[$key])) {
                          $_COOKIE[$key] = $value;
                      }
                  }
              }
          }
          return $this->object->get_actor(get_current_user_id(), 'user');
      }

      /**
       * Builds the guest actor: type 'user', no id and a null entity.
       *
       * @return mixed Actor with no privileges.
       */
      function get_guest_actor()
      {
          $factory = C_Component_Factory::get_instance();
          $actor = $factory->create('wordpress_security_actor', 'user');
          $entity_props = array('type' => 'user');
          $actor->set_entity(null, $entity_props);
          return $actor;
      }
  }
  /**
   * Issues WordPress-backed request tokens.
   */
  class Mixin_WordPress_Security_Manager_Request extends Mixin
  {
      /**
       * Creates a token bound to an action name and optional arguments.
       *
       * @param string $action_name Action the token protects.
       * @param mixed  $args        Arguments stored on the token.
       * @return mixed The initialised token created by the component factory.
       */
      public function get_request_token($action_name, $args = null)
      {
          $request_token = C_Component_Factory::get_instance()->create('wordpress_security_token');
          $request_token->init_token($action_name, $args);

          return $request_token;
      }
  }
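  /**
   * Class C_WordPress_Security_Manager
   *
   * Security manager for WordPress: resolves actors from WordPress users and
   * roles, and issues nonce-based request tokens.
   *
   * @mixin Mixin_WordPress_Security_Manager
   * @mixin Mixin_WordPress_Security_Manager_Request
   */
  class C_WordPress_Security_Manager extends C_Security_Manager
  {
      // Redeclared so this class keeps its own cache, separate from the parent's.
      static $_instances = array();

      /**
       * Registers the WordPress manager mixins on top of the generic ones.
       *
       * @param mixed $context Forwarded to the parent definition.
       */
      function define($context = FALSE)
      {
          parent::define($context);
          $this->add_mixin('Mixin_WordPress_Security_Manager');
          $this->add_mixin('Mixin_WordPress_Security_Manager_Request');
      }

      /**
       * Returns the cached manager for a context, creating it on first use.
       *
       * @param mixed $context Cache key, also passed to the constructor.
       * @return C_WordPress_Security_Manager
       */
      static function get_instance($context = False)
      {
          if (!isset(self::$_instances[$context])) {
              // __CLASS__ names the same class that get_class() without an
              // argument returned; the argument-less call is deprecated as of
              // PHP 8.3.
              $klass = __CLASS__;
              self::$_instances[$context] = new $klass($context);
          }
          return self::$_instances[$context];
      }
  }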
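  /**
   * Request token implemented with WordPress nonces.
   *
   * A nonce shows that the request was built from a page served to the same
   * user for the same action (CSRF protection). It says nothing about what
   * that user may do, so callers still need a capability check next to
   * check_request().
   */
  class Mixin_Wordpress_Security_Token extends Mixin
  {
      /**
       * Returns the request fields that carry the token.
       *
       * @param array|null $args Optional 'prefix' prepended to the nonce field name.
       * @return array Field name => value. Always holds "<prefix><action>_sec";
       *               "<action>_prefix" is added when a prefix was given.
       */
      function get_request_list($args = null)
      {
          $prefix = isset($args['prefix']) ? $args['prefix'] : null;
          $action_name = $this->object->get_action_name();
          $list = array();
          if ($prefix != null) {
              $list[$action_name . '_prefix'] = $prefix;
          }
          $action = $this->object->get_nonce_name();
          $list[$prefix . $action_name . '_sec'] = wp_create_nonce($action);
          return $list;
      }

      /**
       * Renders the token fields as hidden form inputs.
       *
       * Names and values are escaped for the attribute context.
       *
       * @param array|null $args Passed to get_request_list().
       * @return string|null Concatenated input elements.
       */
      function get_form_html($args = null)
      {
          $list = $this->object->get_request_list($args);
          $out = null;
          foreach ($list as $name => $value) {
              $out .= '<input type="hidden" name="' . esc_attr($name) . '" value="' . esc_attr($value) . '" />';
          }
          return $out;
      }

      /**
       * @param array|null $args Passed to get_request_list().
       * @return string|false The token fields encoded as JSON.
       */
      function get_json($args = null)
      {
          $list = $this->object->get_request_list($args);
          return json_encode($list);
      }

      /**
       * Verifies the nonce carried by a set of request values.
       *
       * The field prefix is read from the request itself, so it only selects
       * which submitted field holds the nonce; the nonce is always verified
       * against the action string computed on the server.
       *
       * @param array $request_values Untrusted request data (for example $_REQUEST).
       * @return bool True only when a nonce field is present and valid.
       */
      function check_request($request_values)
      {
          $action_name = $this->object->get_action_name();
          $action = $this->object->get_nonce_name();
          $prefix_key = $action_name . '_prefix';
          $prefix = isset($request_values[$prefix_key]) ? $request_values[$prefix_key] : null;

          // Request parameters may arrive as nested arrays. Refuse those here
          // instead of letting them be converted to the text "Array" inside a
          // field name or a nonce.
          if ($prefix !== null && !is_scalar($prefix)) {
              return false;
          }

          $nonce_key = $prefix . $action_name . '_sec';
          if (!isset($request_values[$nonce_key]) || !is_scalar($request_values[$nonce_key])) {
              return false;
          }

          // wp_verify_nonce() returns false, 1 or 2; either age tick is accepted.
          return (bool) wp_verify_nonce($request_values[$nonce_key], $action);
      }

      /**
       * Builds the nonce action string from the action name and the token arguments.
       *
       * NOTE(review): values are joined with '_' and are not escaped, so
       * different argument sets can produce the same string (one value 'a_b'
       * and two values 'a', 'b'). Argument names are not part of the string.
       *
       * @return string "<action>_<value>_<value>..."
       */
      function get_nonce_name()
      {
          $action_name = $this->object->get_action_name();
          $prop_list = $this->object->get_property_list();
          $action = $action_name;
          foreach ($prop_list as $prop_name) {
              $property = $this->object->get_property($prop_name);
              $action .= '_' . strval($property);
          }
          return $action;
      }
  }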
  /**
   * Hook for validating tokens passed as MVC URL parameters.
   *
   * No extra validation exists yet; the request is handed to the parent
   * check_request() unchanged.
   */
  class Mixin_Wordpress_Security_Token_MVC extends Mixin
  {
      /**
       * @param array $request_values Request data to validate.
       * @return mixed Result of the parent check_request().
       */
      public function check_request($request_values)
      {
          // XXX check URL parameters passed with the MVC module
          $verdict = $this->call_parent('check_request', $request_values);

          return $verdict;
      }
  }
  /**
   * Class C_Wordpress_Security_Token
   *
   * Request token component for WordPress: nonce creation and verification
   * plus the MVC hook.
   *
   * @mixin Mixin_Wordpress_Security_Token
   * @mixin Mixin_Wordpress_Security_Token_MVC
   */
  class C_Wordpress_Security_Token extends C_Security_Token
  {
      /**
       * Registers the WordPress token mixins on top of the generic ones.
       *
       * Both mixins define check_request(), and the MVC one calls its parent,
       * so the registration order is kept exactly as in the original.
       *
       * @param mixed $context Forwarded to the parent definition.
       */
      public function define($context = false)
      {
          parent::define($context);

          $mixin_names = array(
              'Mixin_Wordpress_Security_Token',
              'Mixin_Wordpress_Security_Token_MVC',
          );
          foreach ($mixin_names as $mixin_name) {
              $this->add_mixin($mixin_name);
          }
      }
  }
.