Get entities for which a user have a right
| static public getForUser ( $user_ID, $only_dynamic = false ) : array | ||
| $user_ID | user ID | |
| $only_dynamic | get only recursive rights (false by default) | |
| return | array | of entities ID |
/**
* Apply rules to determine dynamic rights of the user
*
* @return boolean : true if we play the Rule Engine
**/
function applyRightRules()
{
global $DB;
$return = false;
if ((isset($this->fields['_ruleright_process']) || isset($this->input['_ruleright_process'])) && isset($this->fields["authtype"]) && ($this->fields["authtype"] == Auth::LDAP || $this->fields["authtype"] == Auth::MAIL || Auth::isAlternateAuth($this->fields["authtype"]))) {
$dynamic_profiles = Profile_User::getForUser($this->fields["id"], true);
if (isset($this->fields["id"]) && $this->fields["id"] > 0 && isset($this->input["_ldap_rules"]) && count($this->input["_ldap_rules"])) {
//and add/update/delete only if it's necessary !
if (isset($this->input["_ldap_rules"]["rules_entities_rights"])) {
$entities_rules = $this->input["_ldap_rules"]["rules_entities_rights"];
} else {
$entities_rules = array();
}
if (isset($this->input["_ldap_rules"]["rules_entities"])) {
$entities = $this->input["_ldap_rules"]["rules_entities"];
} else {
$entities = array();
}
if (isset($this->input["_ldap_rules"]["rules_rights"])) {
$rights = $this->input["_ldap_rules"]["rules_rights"];
} else {
$rights = array();
}
$retrieved_dynamic_profiles = array();
//For each affectation -> write it in DB
foreach ($entities_rules as $entity) {
//Multiple entities assignation
if (is_array($entity[0])) {
foreach ($entity[0] as $tmp => $ent) {
$affectation['entities_id'] = $ent;
$affectation['profiles_id'] = $entity[1];
$affectation['is_recursive'] = $entity[2];
$affectation['users_id'] = $this->fields['id'];
$affectation['is_dynamic'] = 1;
$retrieved_dynamic_profiles[] = $affectation;
}
} else {
$affectation['entities_id'] = $entity[0];
$affectation['profiles_id'] = $entity[1];
$affectation['is_recursive'] = $entity[2];
$affectation['users_id'] = $this->fields['id'];
$affectation['is_dynamic'] = 1;
$retrieved_dynamic_profiles[] = $affectation;
}
}
if (count($entities) > 0 && count($rights) == 0) {
if ($def_prof = Profile::getDefault()) {
$rights[] = $def_prof;
}
}
if (count($rights) > 0 && count($entities) > 0) {
foreach ($rights as $right) {
foreach ($entities as $entity) {
$affectation['entities_id'] = $entity[0];
$affectation['profiles_id'] = $right;
$affectation['users_id'] = $this->fields['id'];
$affectation['is_recursive'] = $entity[1];
$affectation['is_dynamic'] = 1;
$retrieved_dynamic_profiles[] = $affectation;
}
}
}
// Compare retrived profiles to existing ones : clean arrays to do purge and add
if (count($retrieved_dynamic_profiles)) {
foreach ($retrieved_dynamic_profiles as $keyretr => $retr_profile) {
$found = false;
foreach ($dynamic_profiles as $keydb => $db_profile) {
// Found existing profile : unset values in array
if (!$found && $db_profile['entities_id'] == $retr_profile['entities_id'] && $db_profile['profiles_id'] == $retr_profile['profiles_id'] && $db_profile['is_recursive'] == $retr_profile['is_recursive']) {
unset($retrieved_dynamic_profiles[$keyretr]);
unset($dynamic_profiles[$keydb]);
}
}
}
}
// Add new dynamic profiles
if (count($retrieved_dynamic_profiles)) {
$right = new Profile_User();
foreach ($retrieved_dynamic_profiles as $keyretr => $retr_profile) {
$right->add($retr_profile);
}
}
//Unset all the temporary tables
unset($this->input["_ldap_rules"]);
$return = true;
}
// Delete old dynamic profiles
if (count($dynamic_profiles)) {
$right = new Profile_User();
foreach ($dynamic_profiles as $keydb => $db_profile) {
$right->delete($db_profile);
}
}
}
return $return;
}
/**
* @see RuleCollection::prepareInputDataForProcess()
**/
function prepareInputDataForProcess($input, $params)
{
$input['mailcollector'] = $params['mailcollector'];
$input['_users_id_requester'] = $params['_users_id_requester'];
$fields = $this->getFieldsToLookFor();
//Add needed ticket datas for rules processing
if (isset($params['ticket']) && is_array($params['ticket'])) {
foreach ($params['ticket'] as $key => $value) {
if (in_array($key, $fields) && !isset($input[$key])) {
$input[$key] = $value;
}
}
}
//Add needed headers for rules processing
if (isset($params['headers']) && is_array($params['headers'])) {
foreach ($params['headers'] as $key => $value) {
if (in_array($key, $fields) && !isset($input[$key])) {
$input[$key] = $value;
}
}
}
//Add all user's groups
if (in_array('groups', $fields)) {
foreach (Group_User::getUserGroups($input['_users_id_requester']) as $group) {
$input['GROUPS'][] = $group['id'];
}
}
//Add all user's profiles
if (in_array('profiles', $fields)) {
foreach (Profile_User::getForUser($input['_users_id_requester']) as $profile) {
$input['PROFILES'][$profile['profiles_id']] = $profile['profiles_id'];
}
}
//If the criteria is "user has only one time the profile xxx"
if (in_array('unique_profile', $fields)) {
//Get all profiles
$profiles = Profile_User::getForUser($input['_users_id_requester']);
foreach ($profiles as $profile) {
if (Profile_User::haveUniqueRight($input['_users_id_requester'], $profile['profiles_id'])) {
$input['UNIQUE_PROFILE'][$profile['profiles_id']] = $profile['profiles_id'];
}
}
}
//Store the number of profiles of which the user belongs to
if (in_array('one_profile', $fields)) {
$profiles = Profile_User::getForUser($input['_users_id_requester']);
if (count($profiles) == 1) {
$tmp = array_pop($profiles);
$input['ONE_PROFILE'] = $tmp['profiles_id'];
}
}
//Store the number of profiles of which the user belongs to
if (in_array('known_domain', $fields)) {
if (preg_match("/@(.*)/", $input['from'], $results)) {
if (Entity::getEntityIDByDomain($results[1]) != -1) {
$input['KNOWN_DOMAIN'] = 1;
} else {
$input['KNOWN_DOMAIN'] = 0;
}
}
}
return $input;
}
