Ejemplo n.º 1
0
 /**
  * @brief Retrieve the access matrix for the subject.
  *
  * The matrix will contain all the roles as well as effective modifiers
  * applied including groups as well as the default roles.
  *
  * @param IAclObject $object The object to for which the access is queried
  * @param IAclSubject $subject The subject whos access is being queried
  * @return Array The access matrix
  */
 static function getAccessMatrix(IAclObject $object, IAclSubject $subject)
 {
     // Get the object uuids
     $ouuid = $object->getObjectUuid();
     $roles = $object->getObjectRoles();
     // Get the uuid and groups from the subject
     $sgroups = $subject->getSubjectGroups();
     $suuid = $subject->getSubjectUuid();
     // Create database connection
     $db = new DatabaseConnection();
     $matrix = array();
     // Determine and label the default roles for the object
     $matrix[] = array('label' => sprintf('%s <%s>', typeOf($object), $ouuid), 'type' => self::TYP_OBJECT, 'roles' => $roles);
     // Compile a role list and save the effective roles
     $rlist = array();
     foreach ($roles as $role => $def) {
         $rlist[] = $role;
     }
     $effective = $roles;
     // Determine and label the roles for the subjects groups
     foreach ($sgroups as $group) {
         $guuid = $group->getSubjectUuid();
         $groles = acl::getExplicitAccessRecord($guuid, $ouuid, $rlist);
         $matrix[] = array('label' => sprintf('%s <%s>', (string) $group, $guuid), 'type' => self::TYP_GROUP, 'roles' => $groles);
         foreach ($effective as $role => $val) {
             if ($groles[$role] === self::ACL_DENY) {
                 $effective[$role] = self::ACL_DENY;
             } elseif ($groles[$role] === self::ACL_ALLOW) {
                 $effective[$role] = self::ACL_ALLOW;
             }
         }
     }
     // Determine and label the roles for the subject
     $sroles = acl::getExplicitAccessRecord($suuid, $ouuid, $rlist);
     $matrix[] = array('label' => sprintf('%s <%s>', (string) $subject, $suuid), 'type' => self::TYP_SUBJECT, 'roles' => $sroles);
     foreach ($effective as $role => $val) {
         if ($sroles[$role] === self::ACL_DENY) {
             $effective[$role] = self::ACL_DENY;
         } elseif ($sroles[$role] === self::ACL_ALLOW) {
             $effective[$role] = self::ACL_ALLOW;
         }
     }
     // Finally assemble the effective permissions
     $matrix[] = array('label' => sprintf('%s <%s>', (string) $subject, $suuid), 'type' => self::TYP_EFFECTIVE, 'roles' => $effective);
     // Return result
     return $matrix;
 }