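/**
 * Decide whether the current user may perform a resource action.
 *
 * The access matrix is read from the session variable "_ACCESS_MATRIX". When that
 * value is missing or empty, the matrix is rebuilt from the role/action records of
 * the user's roles and written back to the session. Later calls in the same
 * session therefore reuse the stored matrix: a change to a user's roles or to the
 * role/action records is not seen here until that session variable is cleared.
 *
 * @param string $res_action key looked up in the access matrix
 *                           (presumably "resource.action" - confirm against callers)
 * @return bool true when access is granted; false when it is denied, when there is
 *              no user profile, when no role/action records are found, or when the
 *              stored access level is not one of DENY / ALLOW / ALLOW_OWNER
 */
public static function allowAccess($res_action)
{
    // get the access matrix from session
    aclService::$_accessMatrix = BizSystem::sessionContext()->getVar("_ACCESS_MATRIX");

    if (!aclService::$_accessMatrix || count(aclService::$_accessMatrix) == 0) {
        // get user profile
        $profile = BizSystem::getUserProfile();
        if (!$profile) {
            return false;
        }

        // Role ids are interpolated unquoted into the search rule below, so only
        // integer values are let through; anything else is dropped rather than
        // being concatenated into the query text.
        $roleIds = array();
        if (!empty($profile['roles'])) {
            foreach ((array) $profile['roles'] as $roleId) {
                if (is_int($roleId) || (is_string($roleId) && ctype_digit($roleId))) {
                    $roleIds[] = (int) $roleId;
                }
            }
        }
        if (count($roleIds) == 0) {
            $roleIds = array(0); // guest
        }
        $roleId_query = implode(",", $roleIds);

        // generate the access matrix
        $do = BizSystem::getObject(aclService::$role_actionDataObj);
        $rs = $do->directFetch("[role_id] in ({$roleId_query})");
        if (count($rs) == 0) {
            return false;
        }

        aclService::$_accessMatrix = aclService::GenerateAccessMatrix($rs);
        BizSystem::sessionContext()->setVar("_ACCESS_MATRIX", aclService::$_accessMatrix);
    }

    // Fall back to the configured default when the action has no entry
    // (the original comment states that the default is deny).
    $accessLevel = self::$_defaultAccess;
    if (isset(aclService::$_accessMatrix[$res_action])) {
        $accessLevel = aclService::$_accessMatrix[$res_action];
    }

    switch ($accessLevel) {
        case DENY:
            return false;
        case ALLOW:
            return true;
        case ALLOW_OWNER:
            // NOTE(review): the intended rule is "allow only when the record's
            // OwnerField value equals the OwnerValue", but no such comparison is
            // made here; ALLOW_OWNER is currently granted exactly like ALLOW.
            // Confirm whether ownership is enforced elsewhere.
            return true;
        default:
            // Fail closed: an access level this method does not recognise used to
            // fall out of the switch and return null; deny explicitly instead.
            return false;
    }
}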
/**
 * Drop the cached access matrix.
 *
 * Resets the static copy held on aclService and removes the "_ACCESS_MATRIX"
 * session variable. allowAccess() reuses the session copy for as long as it is
 * non-empty, so this has to run for a permission change to take effect within
 * an existing session.
 */
public function clearACLCache()
{
    $cacheKey = "_ACCESS_MATRIX";

    // Forget the in-process copy.
    aclService::$_accessMatrix = null;

    // Overwrite the stored value with an empty array, then remove the variable.
    BizSystem::sessionContext()->setVar($cacheKey, array());
    BizSystem::sessionContext()->clearVar($cacheKey);
}
/**
 * Drop the cached access matrix.
 *
 * Resets the static copy held on aclService and removes the "_ACCESS_MATRIX"
 * variable from the application's session context, so the matrix is no longer
 * available from either place after this call.
 */
public function clearACLCache()
{
    $cacheKey = "_ACCESS_MATRIX";

    // Forget the in-process copy.
    aclService::$_accessMatrix = null;

    // Overwrite the stored value with an empty array, then remove the variable.
    Openbiz::$app->getSessionContext()->setVar($cacheKey, array());
    Openbiz::$app->getSessionContext()->clearVar($cacheKey);
}