[dev] Deny permissions

[Jason Rust]

> The Group class allows for subclasses to be defined - want to submit one
> that implements this?

Attached is an implementation of a groups driver that allows for hooks.
I tested it out and it works nicely.  It basically allows for the
dynamic adding of users to a group, such that a group can have regular
users in it and then you can define a hook which would allow additional
users to be in it as well.  The only limitation is that because the
group is dynamic there is no way to list the "hook" users that are in
it.

An example for hooks.php would be:

// Here is an example _group_hook_authUsers function that you can use to create
// a dynamic group that includes all users who can successfully log in.  The
// function takes the username in question as a parameter and returns true if
// the user is in the group.
if (!function_exists('_group_hook_authUsers')) {
    function _group_hook_authUsers($user)
    {
        return Auth::getAuth() == $user ? true : false;
    }
}

I would guess in order to use this there would need to be a new config
option called group.driver which could be set to Hooks and then anywhere
that Group::singleton() is used now would need to be changed to
Group::factory($conf['group']['driver']).

-Jason
-------------- next part --------------
<?php
/**
 * The Group_Hooks:: class provides the Horde groups system with the
 * addition of adding support for hook functions to define if a user
 * is in a group.
 *
 * $Horde$
 *
 * Copyright 2003 Jason Rust <jrust at rustyparts.com>
 *
 * See the enclosed file COPYING for license information (LGPL). If you
 * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
 *
 * @author  Jason Rust <jrust at rustyparts.com>
 * @version $Revision$
 * @since   Horde 3.0
 * @package horde.group
 */
class Group_Hooks extends Group {

    /**
     * Constructor
     */
    function Group_Hooks()
    {
        $this->Group();
        global $registry;
        require $registry->getParam('fileroot', 'horde') . '/config/hooks.php';
    }

    /**
     * Get a list of every group that $user is in.
     *
     * @param string $user  The user to get groups for.
     *
     * @return array  An array of all groups the user is in.
     */
    function getGroupMemberships($user)
    {
        $memberships = parent::getGroupMemberships($user);
        foreach ($this->listGroups() as $groupName) {
            if (function_exists($this->_getGroupHookName($groupName)) &&
                call_user_func($this->_getGroupHookName($groupName), $user) &&
                !in_array($groupName, $memberships)) {
                $memberships[] = $groupName;
            }
        }

        return $memberships;
    }

    /**
     * Say if a user is a member of a group or not.
     *
     * @param          string  $user       The name of the user.
     * @param          string  $group      The name of the group.
     * @param optional boolean $subgroups  Return true if the user is in any subgroups
     *                                     of $group, also.
     *
     * @return boolean
     * @access public
     */
    function userIsInGroup($user, $group, $subgroups = false)
    {
        if (function_exists($this->_getGroupHookName($group))) {
            if (call_user_func($this->_getGroupHookName($group), $user)) {
                $inGroup = true;
            } else {
                $inGroup = false;
            }
        }

        if ($inGroup || parent::userIsInGroup($user, $group, $subgroups)) {
            return true;
        } else {
            return false;
        }
    }

    /**
     * Returns the name of the hook function.
     *
     * @param string $name The group name
     *
     * @access public
     * @return string The function name for the hook for this group
     */
    function _getGroupHookName($name)
    {
        return '_group_hook_' . $name;
    }

}