role: Add a `permissions` field to manage pems locally

include/class.role.php

@@ -79,9 +79,11 @@ class Role extends RoleModel {
     var $_perm;
 
     function getPermission() {
-        if (!$this->_perm)
-            $this->_perm = new RolePermission('role.'.$this->getId());
-
+        if (!$this->_perm) {
+            $this->_perm = new RolePermission(
+                isset($this->permissions) ? $this->permissions : array()
+            );
+        }
         return $this->_perm;
     }
 
@@ -125,13 +127,13 @@ class Role extends RoleModel {
     private function updatePerms($vars, &$errors=array()) {
 
         $config = array();
+        $permissions = $this->getPermission();
         foreach (RolePermission::allPermissions() as $g => $perms) {
-            foreach($perms as $k => $v)
-                $config[$k] = in_array($k, $vars) ? 1 : 0;
+            foreach($perms as $k => $v) {
+                $permissions->set($k, in_array($k, $vars) ? 1 : 0);
+            }
         }
-
-        $this->getPermission()->updateAll($config);
-        $this->getPermission()->load();
+        $this->permissions = $permissions->toJson();
     }
 
     function update($vars, &$errors) {
@@ -149,11 +151,12 @@ class Role extends RoleModel {
 
         $this->name = $vars['name'];
         $this->notes = $vars['notes'];
-        if (!$this->save(true))
-            return false;
 
         $this->updatePerms($vars['perms'], $errors);
 
+        if (!$this->save(true))
+            return false;
+
         return true;
     }
 
@@ -179,9 +182,6 @@ class Role extends RoleModel {
             ->filter(array('role_id'=>$this->getId()))
             ->update(array('role_id' => 0));
 
-        // Delete permission settings
-         $this->getPermission()->destroy();
-
         return true;
     }
 
@@ -193,10 +193,10 @@ class Role extends RoleModel {
 
     static function __create($vars, &$errors) {
         $role = self::create($vars);
-        $role->save();
         if ($vars['permissions'])
             $role->updatePerms($vars['permissions']);
 
+        $role->save();
         return $role;
     }
 
@@ -252,7 +252,7 @@ class Role extends RoleModel {
 }
 
 
-class RolePermission extends Config {
+class RolePermission {
 
     static $_permissions = array(
             /* @trans */ 'Tickets' => array(
@@ -296,46 +296,75 @@ class RolePermission extends Config {
                 ),
             );
 
+    var $perms;
+
     static function allPermissions() {
         return static::$_permissions;
     }
 
-    function get($var) {
-        return (bool) parent::get($var);
+    function __construct($perms) {
+        $this->perms = $perms;
+        if (is_string($this->perms))
+            $this->perms = JsonDataParser::parse($this->perms);
+        elseif (!$this->perms)
+            $this->perms = array();
+    }
+
+    function has($perm) {
+        return (bool) $this->get($perm);
+    }
+
+    function get($perm) {
+        return @$this->perms[$perm];
+    }
+
+    function set($perm, $value) {
+        if (!$value)
+            unset($this->perms[$perm]);
+        else
+            $this->perms[$perm] = $value;
+    }
+
+    function toJson() {
+        return JsonDataEncoder::encode($this->perms);
+    }
+
+    function getInfo() {
+        return $this->perms;
     }
 
     /* tickets */
     function canCreateTickets() {
-        return ($this->get('ticket.create'));
+        return ($this->has('ticket.create'));
     }
 
     function canEditTickets() {
-        return ($this->get('ticket.edit'));
+        return ($this->has('ticket.edit'));
     }
 
     function canAssignTickets() {
-        return ($this->get('ticket.assign'));
+        return ($this->has('ticket.assign'));
     }
 
     function canTransferTickets() {
-        return ($this->get('ticket.transfer'));
+        return ($this->has('ticket.transfer'));
     }
 
     function canPostReply() {
-        return ($this->get('ticket.reply'));
+        return ($this->has('ticket.reply'));
     }
 
     function canCloseTickets() {
-        return ($this->get('ticket.close'));
+        return ($this->has('ticket.close'));
     }
 
     function canDeleteTickets() {
-        return ($this->get('ticket.delete'));
+        return ($this->has('ticket.delete'));
     }
 
     /* Knowledge base */
     function canManagePremade() {
-        return ($this->get('kb.premade'));
+        return ($this->has('kb.premade'));
     }
 
     function canManageCannedResponses() {
@@ -343,7 +372,7 @@ class RolePermission extends Config {
     }
 
     function canManageFAQ() {
-        return ($this->get('kb.faq'));
+        return ($this->has('kb.faq'));
     }
 
     function canManageFAQs() {
@@ -352,12 +381,12 @@ class RolePermission extends Config {
 
     /* stats */
     function canViewStaffStats() {
-        return ($this->get('stats.agents'));
+        return ($this->has('stats.agents'));
     }
 
     /* email */
     function canBanEmails() {
-        return ($this->get('emails.banlist'));
+        return ($this->has('emails.banlist'));
     }
 }
 ?>

include/class.staff.php

@@ -53,6 +53,7 @@ implements AuthenticatedUser {
     var $passwd_change;
     var $_roles = null;
     var $_teams = null;
+    var $_perms = null;
 
     function __onload() {
         // WE have to patch info here to support upgrading from old versions.
@@ -285,18 +286,16 @@ implements AuthenticatedUser {
     }
 
     function hasPermission($perm) {
-        static $perms = null;
-        if (!isset($perms[$perm])) {
-            $perms[$perm] = false;
-            foreach($this->getDepartments() as $deptId) {
-                if (($role=$this->getRole($deptId))
-                        && $role->getPermission()
-                        && $role->getPermission()->get($perm))
-                    $perms[$perm] = true;
+        if (!isset($this->_perms)) {
+            foreach ($this->getDepartments() as $deptId) {
+                if (($role = $this->getRole($deptId))) {
+                    foreach ($role->getPermission()->getInfo() as $perm=>$v) {
+                        $this->_perms[$perm] |= $v;
+                    }
+                }
             }
         }
-
-        return $perms[$perm];
+        return @$this->_perms[$perm];
     }
 
     function canCreateTickets() {

include/upgrader/streams/core.sig

-c7c828356c88b462ba2e3e1437dca0df
+e9b05c1970a94c63220bdc6a3bee1c7d

include/upgrader/streams/core/1ee831c8-c7c82835.patch.sql → include/upgrader/streams/core/1ee831c8-e9b05c19.patch.sql

 /**
- * @signature c7c828356c88b462ba2e3e1437dca0df
+ * @signature e9b05c1970a94c63220bdc6a3bee1c7d
  * @version v1.9.6
  * @title Add role-based access
  *
@@ -11,6 +11,7 @@ CREATE TABLE `%TABLE_PREFIX%role` (
   `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
   `flags` int(10) unsigned NOT NULL DEFAULT '1',
   `name` varchar(64) DEFAULT NULL,
+  `permissions` text,
   `notes` text,
   `created` datetime NOT NULL,
   `updated` datetime NOT NULL,
@@ -38,5 +39,5 @@ ALTER TABLE  `%TABLE_PREFIX%department`
 
 -- Finished with patch
 UPDATE `%TABLE_PREFIX%config`
-    SET `value`='c7c828356c88b462ba2e3e1437dca0df'
+    SET `value`='e9b05c1970a94c63220bdc6a3bee1c7d'
     WHERE `key` = 'schema_signature' AND `namespace` = 'core';

scp/roles.php

@@ -42,6 +42,7 @@ if ($_POST) {
     case 'add':
         $_role = Role::create();
         if ($_role->update($_POST, $errors)) {
+            unset($_REQUEST['a']);
             $msg = sprintf(__('Successfully added %s'),
                     __('role'));
         } elseif ($errors) {

setup/inc/streams/core/install-mysql.sql

@@ -406,6 +406,7 @@ CREATE TABLE `%TABLE_PREFIX%role` (
   `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
   `flags` int(10) unsigned NOT NULL DEFAULT '1',
   `name` varchar(64) DEFAULT NULL,
+  `permissions` text,
   `notes` text,
   `created` datetime NOT NULL,
   `updated` datetime NOT NULL,