Beispiel #1
0
 /**
  * Recursively builds tree permissions for the specified combination.
  *
  * @param integer $userId
  * @param array $userGroupIds
  * @param array $basePermissions Base permissions, coming from global or parent; [group][permission] => allow/unset/etc
  * @param array $permissionsGrouped List of all valid permissions, grouped
  * @param integer $parentId ID of the parent.
  *
  * @return array Final permissions (true/false), format: [id][permission] => value
  */
 protected function _buildTreePermissions($userId, array $userGroupIds, array $basePermissions, array $permissionsGrouped, $parentId = 0)
 {
     if (!isset($this->_categoryTree[$parentId])) {
         return array();
     }
     if (!isset($basePermissions['resource']['view'])) {
         if (isset($this->_globalPerms['resource']['view'])) {
             $basePermissions['resource']['view'] = $this->_globalPerms['resource']['view'];
         } else {
             $basePermissions['resource']['view'] = 'unset';
         }
     }
     $basePermissions = $this->_adjustBasePermissionAllows($basePermissions);
     $finalPermissions = array();
     foreach ($this->_categoryTree[$parentId] as $category) {
         $categoryId = $category['resource_category_id'];
         $groupEntries = $this->_getUserGroupPermissionEntries($categoryId, $userGroupIds);
         $userEntries = $this->_getUserPermissionEntries($categoryId, $userId);
         $categoryWideEntries = $this->_getCategoryWideEntries($categoryId);
         $categoryPermissions = $this->_permissionModel->buildPermissionCacheForCombination($permissionsGrouped, $categoryWideEntries, $groupEntries, $userEntries, $basePermissions, $passPermissions);
         if (!isset($categoryPermissions['resource']['view'])) {
             $categoryPermissions['resource']['view'] = 'unset';
         }
         $finalCategoryPermissions = $this->_permissionModel->canonicalizePermissionCache($categoryPermissions['resource']);
         if (isset($finalCategoryPermissions['view']) && !$finalCategoryPermissions['view']) {
             // forcable deny viewing perms to children if this isn't viewable
             $passPermissions['resource']['view'] = 'deny';
         }
         $finalPermissions[$categoryId] = $finalCategoryPermissions;
         $finalPermissions += $this->_buildTreePermissions($userId, $userGroupIds, $passPermissions, $permissionsGrouped, $categoryId);
     }
     return $finalPermissions;
 }
Beispiel #2
0
 /**
  * Builds form permissions for the specified combination.
  *
  * @param integer $userId
  * @param array $userGroupIds
  * @param array $basePermissions Base permissions, coming from global or parent; [group][permission] => allow/unset/etc
  * @param array $permissionsGrouped List of all valid permissions, grouped
  *
  * @return array Final permissions (true/false), format: [form id][permission] => value
  */
 protected function _buildFormPermissions($userId, array $userGroupIds, array $basePermissions, array $permissionsGrouped)
 {
     if (!isset($this->_forms)) {
         return array();
     }
     /*
     if (!isset($basePermissions['form']['respondToForms']))
     {
     	if (isset($this->_globalPerms['form']['respondToForms']))
     	{
     		$basePermissions['form']['respondToForms'] = $this->_globalPerms['form']['respondToForms'];
     	}
     	else
     	{
     		$basePermissions['form']['respondToForms'] = 'unset';
     	}
     }
     */
     $basePermissions = $this->_adjustBasePermissionAllows($basePermissions);
     $finalPermissions = array();
     foreach ($this->_forms as $form) {
         $formId = $form['form_id'];
         $groupEntries = $this->_getUserGroupFormEntries($formId, $userGroupIds);
         $userEntries = $this->_getUserFormEntries($formId, $userId);
         $formWideEntries = $this->_getFormWideEntries($formId);
         $formPermissions = $this->_permissionModel->buildPermissionCacheForCombination($permissionsGrouped, $formWideEntries, $groupEntries, $userEntries, $basePermissions);
         $finalFormPermissions = $this->_permissionModel->canonicalizePermissionCache($formPermissions['form']);
         $finalPermissions[$formId] = $finalFormPermissions;
     }
     return $finalPermissions;
 }
Beispiel #3
0
 /**
  * Recursively builds node tree permissions for the specified combination.
  * Note that nodes will have permissions for all node types, but the final
  * permissions for a node *only* include that node's permissions.
  *
  * @param integer $userId
  * @param array $userGroupIds
  * @param array $basePermissions Base permissions, coming from global or parent; [group][permission] => allow/unset/etc
  * @param array $permissionsGrouped List of all valid permissions, grouped
  * @param integer $parentId ID of the parent node.
  *
  * @return array Final permissions (true/false), format: [node id][permission] => value
  */
 protected function _buildNodeTreePermissions($userId, array $userGroupIds, array $basePermissions, array $permissionsGrouped, $parentId = 0)
 {
     if (!isset($this->_nodeTree[$parentId])) {
         return array();
     }
     if (!isset($basePermissions['general']['viewNode'])) {
         if (isset($this->_globalPerms['general']['viewNode'])) {
             $basePermissions['general']['viewNode'] = $this->_globalPerms['general']['viewNode'];
         } else {
             $basePermissions['general']['viewNode'] = 'unset';
         }
     }
     $basePermissions = $this->_adjustBasePermissionAllows($basePermissions);
     $finalPermissions = array();
     foreach ($this->_nodeTree[$parentId] as $node) {
         if (!isset($this->_nodeTypes[$node['node_type_id']])) {
             continue;
         }
         $nodeType = $this->_nodeTypes[$node['node_type_id']];
         $nodeId = $node['node_id'];
         $groupEntries = $this->_getUserGroupNodeEntries($nodeId, $userGroupIds);
         $userEntries = $this->_getUserNodeEntries($nodeId, $userId);
         $nodeWideEntries = $this->_getNodeWideEntries($nodeId);
         $nodePermissions = $this->_permissionModel->buildPermissionCacheForCombination($permissionsGrouped, $nodeWideEntries, $groupEntries, $userEntries, $basePermissions, $passPermissions);
         if (!isset($nodePermissions['general']['viewNode'])) {
             $nodePermissions['general']['viewNode'] = 'unset';
         }
         if ($nodeType['permission_group_id']) {
             $nodePermissions[$nodeType['permission_group_id']]['view'] = $nodePermissions['general']['viewNode'];
             $finalNodePermissions = $this->_permissionModel->canonicalizePermissionCache($nodePermissions[$nodeType['permission_group_id']]);
             if (isset($finalNodePermissions['view']) && !$finalNodePermissions['view']) {
                 // forcable deny viewing perms to children if this isn't viewable
                 $passPermissions['general']['viewNode'] = 'deny';
             }
         } else {
             $finalNodePermissions = array();
         }
         $finalPermissions[$nodeId] = $finalNodePermissions;
         $finalPermissions += $this->_buildNodeTreePermissions($userId, $userGroupIds, $passPermissions, $permissionsGrouped, $nodeId);
     }
     return $finalPermissions;
 }