Ejemplo n.º 1
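 /**
  * Create a new, validated privilege object for the given DBA object.
  *
  * The privilege is populated from the arguments and validated here. This method
  * makes no store/create call itself; the caller receives the object and decides
  * what to do with it.
  *
  * This call requires the <i>midgard:privileges</i> privilege on $object; without it
  * the method logs a warning and returns false.
  *
  * Argument order: $assignee comes BEFORE $value. Passing a privilege value as the
  * third positional argument would be treated as the assignee, and the value would
  * silently stay at its default of MIDCOM_PRIVILEGE_ALLOW.
  *
  * Default assignee: when $assignee is null and no user is authenticated, the
  * privilege is assigned to 'EVERYONE'. Combined with the default value
  * (MIDCOM_PRIVILEGE_ALLOW) this yields an allow-for-everyone record, so callers that
  * may run unauthenticated should pass an explicit assignee.
  *
  * @param midcom_core_dbaobject $object The DBA object we're working on.
  * @param string $name The name of the privilege to add.
  * @param mixed $assignee A valid assignee suitable for midcom_core_privilege::set_assignee(). Defaults to the
  *     currently active user if authenticated, or to 'EVERYONE' otherwise.
  * @param int $value The privilege value, this defaults to MIDCOM_PRIVILEGE_ALLOW.
  * @param string $classname An optional class name to which a SELF privilege gets restricted to. Only valid for SELF privileges.
  * @return midcom_core_privilege|false The newly created privilege record, or false on failure
  *     (permission denied, assignee rejected, or validation failed).
  */
 public static function create_new_privilege_object(midcom_core_dbaobject $object, $name, $assignee = null, $value = MIDCOM_PRIVILEGE_ALLOW, $classname = '')
 {
     // Authorization gate: only callers allowed to manage privileges on this object may continue.
     if (!$object->can_do('midgard:privileges')) {
         debug_add('Could not create a new privilege, permission denied.', MIDCOM_LOG_WARN);
         return false;
     }

     if ($assignee === null) {
         // Plain assignment instead of "=&": a reference would alias the auth service's
         // user property, so any later reassignment of $assignee (here or in a by-reference
         // callee) could overwrite the authenticated user. Objects are passed by handle anyway.
         $current_user = midcom::get('auth')->user;
         $assignee = ($current_user === null) ? 'EVERYONE' : $current_user;
     }

     $privilege = new midcom_core_privilege();
     if (!$privilege->set_assignee($assignee)) {
         debug_add('Failed to set the assignee, aborting.', MIDCOM_LOG_INFO);
         return false;
     }

     $privilege->set_object($object);
     $privilege->privilegename = $name;
     $privilege->value = $value;
     $privilege->classname = $classname;

     // Reject the record if the privilege class considers the combination invalid.
     if (!$privilege->validate()) {
         debug_add('Failed to validate the newly created privilege.', MIDCOM_LOG_INFO);
         return false;
     }

     return $privilege;
 }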