/**
 * @brief Retrieve the access matrix for the subject.
 *
 * The matrix lists, in order: the object's default roles, one row per
 * group of the subject holding that group's explicit access record, one
 * row for the subject's own explicit access record, and a final row with
 * the effective roles after all of those records have been applied.
 *
 * Precedence as implemented: the effective roles start from the object's
 * default roles; each group record is then overlaid in the order returned
 * by getSubjectGroups(), followed by the subject's own record. An explicit
 * ACL_ALLOW or ACL_DENY in a record replaces the current value, so the
 * last explicit entry wins: the subject's record overrides any group, and
 * a later group's ACL_ALLOW replaces an earlier group's ACL_DENY.
 * NOTE(review): confirm that this "last record wins" precedence is
 * intended and that the group order is deterministic; with deny-overrides
 * semantics the outcome would differ.
 *
 * NOTE(review): the row labels embed the string form of the group or
 * subject and its uuid between '<' and '>' without escaping; a caller that
 * renders them as HTML needs to escape them for that context.
 *
 * @param IAclObject $object The object for which the access is queried
 * @param IAclSubject $subject The subject whose access is being queried
 * @return Array The access matrix; each row is an array with the keys
 *         'label', 'type' and 'roles'
 */
static function getAccessMatrix(IAclObject $object, IAclSubject $subject)
{
    // Identity and default roles of the object being queried
    $objectUuid = $object->getObjectUuid();
    $defaultRoles = $object->getObjectRoles();

    // Groups and identity of the subject being queried
    $subjectGroups = $subject->getSubjectGroups();
    $subjectUuid = $subject->getSubjectUuid();

    // NOTE(review): this connection is not used again in this method; it
    // is kept because the constructor may have side effects - confirm.
    $db = new DatabaseConnection();

    $rows = array();

    // Row 1: the object's default roles
    $rows[] = array(
        'label' => sprintf('%s <%s>', typeOf($object), $objectUuid),
        'type' => self::TYP_OBJECT,
        'roles' => $defaultRoles
    );

    // Names of the roles to look up in the explicit access records
    $roleNames = array();
    foreach ($defaultRoles as $roleName => $unused) {
        $roleNames[] = $roleName;
    }

    // The effective roles start out as the object's defaults
    $effectiveRoles = $defaultRoles;

    // One row per group; each group record is overlaid in iteration order
    foreach ($subjectGroups as $group) {
        $groupUuid = $group->getSubjectUuid();
        $groupRecord = acl::getExplicitAccessRecord($groupUuid, $objectUuid, $roleNames);
        $rows[] = array(
            'label' => sprintf('%s <%s>', (string) $group, $groupUuid),
            'type' => self::TYP_GROUP,
            'roles' => $groupRecord
        );
        $effectiveRoles = self::overlayExplicitRecord($effectiveRoles, $groupRecord);
    }

    // The subject's own record is overlaid last, so it overrides the groups
    $subjectRecord = acl::getExplicitAccessRecord($subjectUuid, $objectUuid, $roleNames);
    $rows[] = array(
        'label' => sprintf('%s <%s>', (string) $subject, $subjectUuid),
        'type' => self::TYP_SUBJECT,
        'roles' => $subjectRecord
    );
    $effectiveRoles = self::overlayExplicitRecord($effectiveRoles, $subjectRecord);

    // Final row: the effective permissions
    $rows[] = array(
        'label' => sprintf('%s <%s>', (string) $subject, $subjectUuid),
        'type' => self::TYP_EFFECTIVE,
        'roles' => $effectiveRoles
    );

    return $rows;
}

/**
 * @brief Overlay one explicit access record onto the effective roles.
 *
 * For every role in $effective, an entry of ACL_DENY or ACL_ALLOW in
 * $record replaces the current value; any other entry leaves the current
 * value untouched. $record is read for every role in $effective.
 * NOTE(review): this presumes the record holds an entry for each of those
 * roles - verify against getExplicitAccessRecord().
 *
 * @param Array $effective The current effective roles, keyed by role
 * @param Array $record The explicit access record, keyed by role
 * @return Array The effective roles after applying the record
 */
private static function overlayExplicitRecord($effective, $record)
{
    foreach ($effective as $role => $current) {
        if ($record[$role] === self::ACL_DENY) {
            $effective[$role] = self::ACL_DENY;
        } elseif ($record[$role] === self::ACL_ALLOW) {
            $effective[$role] = self::ACL_ALLOW;
        }
    }
    return $effective;
}