methods on User to grant, check, and revoke roles

2 files changed, 49 insertions, 0 deletions

diff --git a/classes/User.php b/classes/User.php
index aa366a5f3..58f9a6874 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -674,4 +674,48 @@ class User extends Memcached_DataObject
     {
         return Design::staticGet('id', $this->design_id);
     }
+
+    function hasRole($name)
+    {
+        $role = User_role::pkeyGet(array('user_id' => $this->id,
+                                         'role' => $name));
+        return (!empty($role));
+    }
+
+    function grantRole($name)
+    {
+        $role = new User_role();
+
+        $role->user_id = $this->id;
+        $role->role    = $name;
+        $role->created = common_sql_now();
+
+        $result = $role->insert();
+
+        if (!$result) {
+            common_log_db_error($role, 'INSERT', __FILE__);
+            return false;
+        }
+
+        return true;
+    }
+
+    function revokeRole($name)
+    {
+        $role = User_role::pkeyGet(array('user_id' => $this->id,
+                                         'role' => $name));
+
+        if (empty($role)) {
+            throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.');
+        }
+
+        $result = $role->delete();
+
+        if (!$result) {
+            common_log_db_error($role, 'DELETE', __FILE__);
+            throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; database error.');
+        }
+
+        return true;
+    }
 }
diff --git a/classes/User_role.php b/classes/User_role.php
index 658c92000..85ecfb422 100644
--- a/classes/User_role.php
+++ b/classes/User_role.php
@@ -40,4 +40,9 @@ class User_role extends Memcached_DataObject
 
     /* the code above is auto generated do not remove the tag below */
     ###END_AUTOCODE
+
+    function &pkeyGet($kv)
+    {
+        return Memcached_DataObject::pkeyGet('User_role', $kv);
+    }
 }