mirror/zoneminder
1
0
Fork 0
mirror of https://github.com/ZoneMinder/zoneminder.git synced 2026-02-07 13:01:24 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
zoneminder/web/includes/User_Role.php
Isaac Connor 4e60cb96a7 feat: add User Roles feature for reusable permission templates 
Add a User Roles system where roles define reusable permission templates.
When a user has a role assigned, the role provides fallback permissions
(user's direct permissions take precedence; role is used when user has 'None').

Database changes:
- Add User_Roles table with same permission fields as Users
- Add Role_Groups_Permissions table for per-role group overrides
- Add Role_Monitors_Permissions table for per-role monitor overrides
- Add RoleId foreign key to Users table

Permission resolution order:
1. User's direct Monitor/Group permissions (if not 'Inherit')
2. Role's Monitor/Group permissions (if user has role)
3. Role's base permission (if user's is 'None')
4. User's base permission (fallback)

Includes:
- PHP models: User_Role, Role_Group_Permission, Role_Monitor_Permission
- Role management UI in Options > Roles tab
- Role selector in user edit form
- REST API endpoints for roles CRUD
- Translation strings for en_gb

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 13:34:27 -05:00

101 lines
2.9 KiB
PHP
Raw Permalink Blame History

<?php
namespace ZM;
require_once('database.php');
require_once('Object.php');
require_once('Group.php');
class User_Role extends ZM_Object {
protected static $table = 'User_Roles';
protected $defaults = array(
'Id' => null,
'Name' => '',
'Description' => '',
'Stream' => 'None',
'Events' => 'None',
'Control' => 'None',
'Monitors' => 'None',
'Groups' => 'None',
'Devices' => 'None',
'Snapshots' => 'None',
'System' => 'None',
);
private $Group_Permissions;
private $Monitor_Permissions;
public static function find($parameters = array(), $options = array()) {
return ZM_Object::_find(self::class, $parameters, $options);
}
public static function find_one($parameters = array(), $options = array()) {
return ZM_Object::_find_one(self::class, $parameters, $options);
}
public static function Indexed_By_Id() {
$results = array();
foreach (ZM_Object::_find('ZM\User_Role', null, array('order' => 'lower(Name)')) as $Object) {
$results[$Object->Id()] = $Object;
}
return $results;
}
public function Group_Permissions() {
if (!$this->Group_Permissions) {
if ($this->Id()) {
require_once('Role_Group_Permission.php');
$this->Group_Permissions = array_to_hash_by_key('GroupId', Role_Group_Permission::find(['RoleId' => $this->Id()]));
} else {
$this->Group_Permissions = [];
}
}
return array_values($this->Group_Permissions);
}
public function Group_Permission($group_id) {
if (!$this->Group_Permissions) $this->Group_Permissions();
if (!isset($this->Group_Permissions[$group_id])) {
require_once('Role_Group_Permission.php');
$gp = $this->Group_Permissions[$group_id] = new Role_Group_Permission();
$gp->RoleId($this->Id());
$gp->GroupId($group_id);
}
return $this->Group_Permissions[$group_id];
}
public function Monitor_Permissions($new = -1) {
if ($new != -1) $this->Monitor_Permissions = $new;
if (!$this->Monitor_Permissions) {
if ($this->Id()) {
require_once('Role_Monitor_Permission.php');
$this->Monitor_Permissions = array_to_hash_by_key('MonitorId', Role_Monitor_Permission::find(['RoleId' => $this->Id()]));
} else {
$this->Monitor_Permissions = [];
}
}
return array_values($this->Monitor_Permissions);
}
public function Monitor_Permission($monitor_id) {
if (!$this->Monitor_Permissions) $this->Monitor_Permissions();
if (!isset($this->Monitor_Permissions[$monitor_id])) {
require_once('Role_Monitor_Permission.php');
$mp = $this->Monitor_Permissions[$monitor_id] = new Role_Monitor_Permission();
$mp->RoleId($this->Id());
$mp->MonitorId($monitor_id);
}
return $this->Monitor_Permissions[$monitor_id];
}
public function Users() {
require_once('User.php');
return User::find(['RoleId' => $this->Id()]);
}
} # end class User_Role
?>
Reference in New Issue View Git Blame Copy Permalink