mirror of
https://github.com/ZoneMinder/zoneminder.git
synced 2026-02-07 04:51:14 -05:00
4e60cb96a7
Add a User Roles system where roles define reusable permission templates. When a user has a role assigned, the role provides fallback permissions (user's direct permissions take precedence; role is used when user has 'None'). Database changes: - Add User_Roles table with same permission fields as Users - Add Role_Groups_Permissions table for per-role group overrides - Add Role_Monitors_Permissions table for per-role monitor overrides - Add RoleId foreign key to Users table Permission resolution order: 1. User's direct Monitor/Group permissions (if not 'Inherit') 2. Role's Monitor/Group permissions (if user has role) 3. Role's base permission (if user's is 'None') 4. User's base permission (fallback) Includes: - PHP models: User_Role, Role_Group_Permission, Role_Monitor_Permission - Role management UI in Options > Roles tab - Role selector in user edit form - REST API endpoints for roles CRUD - Translation strings for en_gb Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
53 lines
1.4 KiB
PHP
53 lines
1.4 KiB
PHP
<?php
|
|
namespace ZM;
|
|
|
|
require_once('database.php');
|
|
require_once('Object.php');
|
|
require_once('Group.php');
|
|
|
|
class Role_Group_Permission extends ZM_Object {
|
|
protected static $table = 'Role_Groups_Permissions';
|
|
protected $defaults = array(
|
|
'Id' => null,
|
|
'RoleId' => null,
|
|
'GroupId' => null,
|
|
'Permission' => 'Inherit',
|
|
);
|
|
private $Role;
|
|
private $Group;
|
|
private $Monitors;
|
|
|
|
public static function find($parameters = array(), $options = array()) {
|
|
return ZM_Object::_find(self::class, $parameters, $options);
|
|
}
|
|
|
|
public static function find_one($parameters = array(), $options = array()) {
|
|
return ZM_Object::_find_one(self::class, $parameters, $options);
|
|
}
|
|
|
|
public function MonitorPermission($mid) {
|
|
if (!$this->Monitors)
|
|
$this->Monitors = array_to_hash_by_key('Id', $this->Group()->Monitors());
|
|
if (isset($this->Monitors[$mid])) return $this->Permission();
|
|
return 'Inherit';
|
|
}
|
|
|
|
public function Role($new = null) {
|
|
if ($new) $this->Role = $new;
|
|
if (!$this->Role) {
|
|
require_once('User_Role.php');
|
|
$this->Role = User_Role::find_one(['Id' => $this->RoleId()]);
|
|
}
|
|
return $this->Role;
|
|
}
|
|
|
|
public function Group($new = null) {
|
|
if ($new) $this->Group = $new;
|
|
if (!$this->Group)
|
|
$this->Group = Group::find_one(['Id' => $this->GroupId()]);
|
|
return $this->Group;
|
|
}
|
|
|
|
} # end class Role_Group_Permission
|
|
?>
|