Nathaniel van Diepen %!s(int64=9) %!d(string=hai) anos
pai
achega
007fcbcae1

+ 50 - 50
install/db_install/99_postinstall/deferred_data.sql

@@ -1,41 +1,41 @@
 INSERT INTO `permissions` (`name`) VALUES
 ('*'),
-('project-read'),
-('project-update'),
-('project-create'),
-('project-delete'),
-('issue-read'),
-('issue-update'),
-('issue-create'),
-('issue-delete'),
-('user-read'),
-('user-update'),
-('user-create'),
-('user-delete'),
-('message-read'),
-('message-update'),
-('message-create'),
-('message-delete'),
-('priority-read'),
-('priority-update'),
-('priority-create'),
-('priority-delete'),
-('session-read'),
-('session-update'),
-('session-create'),
-('session-delete'),
-('issue-role-read'),
-('issue-role-update'),
-('issue-role-create'),
-('issue-role-delete'),
-('project-role-read'),
-('project-role-update'),
-('project-role-create'),
-('project-role-delete'),
-('email-read'),
-('email-update'),
-('email-create'),
-('email-delete');
+('project.read'),
+('project.update'),
+('project.create'),
+('project.delete'),
+('issue.read'),
+('issue.update'),
+('issue.create'),
+('issue.delete'),
+('user.read'),
+('user.update'),
+('user.create'),
+('user.delete'),
+('message.read'),
+('message.update'),
+('message.create'),
+('message.delete'),
+('priority.read'),
+('priority.update'),
+('priority.create'),
+('priority.delete'),
+('session.read'),
+('session.update'),
+('session.create'),
+('session.delete'),
+('issue.role.read'),
+('issue.role.update'),
+('issue.role.create'),
+('issue.role.delete'),
+('project.role.read'),
+('project.role.update'),
+('project.role.create'),
+('project.role.delete'),
+('email.read'),
+('email.update'),
+('email.create'),
+('email.delete');
 
 INSERT INTO `issue_roles` (`name`) VALUES
 ('Developer'),
@@ -43,11 +43,11 @@ INSERT INTO `issue_roles` (`name`) VALUES
 ('Contact');
 
 INSERT INTO `r_issue_role_permission` (`r_id`,`per_id`) VALUES
-(issue_role('Developer'),permission('issue-read')),
-(issue_role('Developer'),permission('issue-update')),
-(issue_role('Tester'),permission('issue-read')),
-(issue_role('Tester'),permission('issue-update')),
-(issue_role('Contact'),permission('issue-read'));
+(issue_role('Developer'),permission('issue.read')),
+(issue_role('Developer'),permission('issue.update')),
+(issue_role('Tester'),permission('issue.read')),
+(issue_role('Tester'),permission('issue.update')),
+(issue_role('Contact'),permission('issue.read'));
 
 INSERT INTO `project_roles` (`name`) VALUES
 ('Project Manager'),
@@ -55,12 +55,12 @@ INSERT INTO `project_roles` (`name`) VALUES
 ('Tester');
 
 INSERT INTO `r_project_role_permission` (`r_id`,`per_id`) VALUES
-(project_role('Project Manager'),permission('issue-read')),
-(project_role('Project Manager'),permission('issue-create')),
-(project_role('Project Manager'),permission('issue-delete')),
-(project_role('Project Manager'),permission('project-read')),
-(project_role('Project Manager'),permission('project-update')),
-(project_role('Project Manager'),permission('project-delete')),
-(project_role('Developer'),permission('issue-create')),
-(project_role('Developer'),permission('project-read')),
-(project_role('Tester'),permission('project-read'));
+(project_role('Project Manager'),permission('issue.read')),
+(project_role('Project Manager'),permission('issue.create')),
+(project_role('Project Manager'),permission('issue.delete')),
+(project_role('Project Manager'),permission('project.read')),
+(project_role('Project Manager'),permission('project.update')),
+(project_role('Project Manager'),permission('project.delete')),
+(project_role('Developer'),permission('issue.create')),
+(project_role('Developer'),permission('project.read')),
+(project_role('Tester'),permission('project.read'));

+ 1 - 1
lib/errorhandler.php

@@ -1,7 +1,7 @@
 <?php
 	error_reporting(E_ALL);
 	//ini_set('display_errors', 'Off');
-	function error_handle_type($type){
+	function error_handle_type($type=null){
 		static $etype;
 		if(!$etype){
 			$etype = 'html';

+ 13 - 4
lib/issue.class.php

@@ -162,10 +162,19 @@
 		}
 		public function permission($permission,$user=null){
 			$user = is_null($user)?Bugs::$user:$user;
-			return $user->admin || (
-				$user->permission('issue_'.$permission) &&
-				in_array($user->id, $this->user_ids)
-			);
+			return $user->admin ||
+				$user->permission('issue.'.$permission)||
+				Bugs::$sql->query("
+					SELECT count(1) count
+					FROM r_issue_role_permission r
+					JOIN permissions p
+						ON p.id = r.per_id
+						AND p.name IN (?,'*')
+					JOIN r_issue_user iu
+						ON iu.r_id = r.r_id
+						AND iu.u_id = ?
+						AND iu.p_id = ?
+				",'sii','issue.'.$permission,$user->id,$this->id)->assoc_result['count']!==0;
 		}
 		public function roles($user){
 			return array_column(
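Review bot: The role query's result is tested with `->assoc_result['count']!==0`, a strict comparison that is true for anything other than the integer 0. If the query wrapper returns the count as a string, or yields null when the query fails (its implementation is not visible here), `permission()` grants access; ending the expression with `->assoc_result['count']>0` fails closed in both cases. The same comparison closes `permission()` in lib/project.class.php and the permission query in lib/user.class.php. Separately, dropping `in_array($user->id, $this->user_ids)` means a user holding the global `issue.`-prefixed permission now passes for every issue, not only those they are attached to; if that widening is intended, a comment such as `// global permission covers all issues; per-issue access comes from roles` above the return would record it. The join also binds `$this->id` to `iu.p_id`, which is worth checking against the r_issue_user schema, since the value is an issue id here.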

+ 13 - 4
lib/project.class.php

@@ -177,10 +177,19 @@
 		}
 		public function permission($permission,$user=null){
 			$user = is_null($user)?Bugs::$user:$user;
-			return $user->admin || (
-				$user->permission('project_'.$permission) &&
-				in_array($user->id, $this->user_ids)
-			);
+			return $user->admin ||
+				$user->permission('project.'.$permission) ||
+				Bugs::$sql->query("
+					SELECT count(1) count
+					FROM r_project_role_permission r
+					JOIN permissions p
+						ON p.id = r.per_id
+						AND p.name IN (?,'*')
+					JOIN r_project_user pu
+						ON pu.r_id = r.r_id
+						AND pu.u_id = ?
+						AND pu.p_id = ?
+				",'sii','project.'.$permission,$user->id,$this->id)->assoc_result['count']!==0;
 		}
 		public function roles($user){
 			return array_column(

+ 11 - 6
lib/user.class.php

@@ -8,7 +8,8 @@
 			'date_modified'=>null,
 			'active'=>null,
 			'password'=>null,
-			'salt'=> null
+			'salt'=> null,
+			'admin'=> null
 		);
 		public function __construct($id){
 			switch(func_num_args()){
@@ -57,12 +58,13 @@
 				'id'=> $this->id,
 				'name'=> $this->name,
 				'email'=> $this->email,
+				'admin'=> $this->admin,
 				'date_registered'=> $this->date_registered,
 				'date_modified'=> $this->date_modified
 			);
 		}
 		public function __toString(){
-			return $this->path;
+			return $this->name;
 		}
 		public function __set($name,$value){
 			switch($name){
@@ -127,7 +129,10 @@
 					return $perms;
 				break;
 				case 'admin':
-					return $this->permission('*');
+					if(is_null($this->cache['admin'])){
+						$this->cache['admin'] = $this->permission('*');
+					}
+					return $this->cache['admin'];
 				break;
 				case 'project_ids':
 					return array_column(
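Review bot: The cached flag in the `case 'admin':` branch is filled once, and nothing in the visible hunks clears it, so a grant or revocation of `*` during the object's lifetime is not seen by callers that read `$user->admin` first. A comment such as `// cached per object; reset to null whenever this user's permissions change` on the assignment would document that, with a matching reset wherever permissions are modified. The `'admin'=> null` key added in the first hunk sits in an array next to `'password'` and `'salt'`. If that is the same array, and `__set` (whose body is outside these hunks) writes to it by name, `admin` should be rejected there so the flag can only come from `permission('*')` and never from assigned request data. The enclosing switch starts and ends outside this hunk.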
@@ -184,9 +189,9 @@
 				FROM r_permission_user r
 				JOIN permissions p
 					ON p.id = r.per_id
-				WHERE u_id = ?
-				AND p.name IN (?,'*')
-			",'is',$this->id,$permission)->assoc_result['count']!==0;
+					AND p.name IN (?,'*')
+				WHERE r.u_id = ?
+			",'si',$permission,$this->id)->assoc_result['count']!==0;
 		}
 	}
 ?>

+ 3 - 3
templates/issue.php

@@ -1,9 +1,9 @@
 <?php
 	// Expecting the context to be a issue or nothing at all
 	global $context;
-	($context?$context->permission('read'):Bugs::$user->permission('issue_read')) or trigger_error('You are not allowed to view this issue');
-	$update = $context?$context->permission('update'):Bugs::$user->permission('issue_create');
-	$delete = $context?$context->permission('delete'):Bugs::$user->permission('issue_delete');
+	($context?$context->permission('read'):Bugs::$user->permission('issue.read')) or trigger_error('You are not allowed to view this issue');
+	$update = $context?$context->permission('update'):Bugs::$user->permission('issue.create');
+	$delete = $context?$context->permission('delete'):Bugs::$user->permission('issue.delete');
 	function getval($name){
 		global $context;
 		return $context?$context->{$name}:null;
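Review bot: The access check on the first changed line depends on `trigger_error()` stopping the request, but called without a level it raises E_USER_NOTICE, which PHP does not treat as fatal. Unless the handler set up in lib/errorhandler.php (not visible here) halts on it, the template carries on and renders the issue. Following the denial with an explicit `exit` makes the check independent of the handler's behaviour. The same pattern is used in templates/project.php and in the new `user.read` check added to templates/user.php.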

+ 3 - 3
templates/project.php

@@ -1,9 +1,9 @@
 <?php
 	// Expecting the context to be a project or nothing at all
 	global $context;
-	($context?$context->permission('read'):Bugs::$user->permission('project_read')) or trigger_error('You are not allowed to view this project');
-	$update = $context?$context->permission('update'):Bugs::$user->permission('project_create');
-	$delete = $context?$context->permission('delete'):Bugs::$user->permission('project_delete');
+	($context?$context->permission('read'):Bugs::$user->permission('project.read')&&Bugs::$user->permission('project.create')) or trigger_error('You are not allowed to view this project');
+	$update = $context?$context->permission('update'):Bugs::$user->permission('project.create');
+	$delete = $context?$context->permission('delete'):Bugs::$user->permission('project.delete');
 	function getval($name){
 		global $context;
 		return $context?$context->{$name}:null;
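Review bot: The no-context branch of the first changed line puts `Bugs::$user->permission('project.read')&&Bugs::$user->permission('project.create')` inside an unparenthesised ternary. It parses as `$context ? … : (read && create)` only because `&&` binds tighter than `?:`, which is easy to break in a later edit to an authorization expression. Wrapping the else-branch in parentheses makes the intent explicit. templates/issue.php requires only `issue.read` in the same position, so the two templates presumably should agree; a short comment stating that the no-context case is the create form would settle which check is meant.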

+ 1 - 0
templates/user.php

@@ -1,6 +1,7 @@
 <?php
 	// Expecting the context to be a user
 	global $context;
+	Bugs::$user->permission('user.read') or trigger_error('You are not allowed to view this user');
 ?>
 <!doctype html>
 	<head>