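/**
 * Run the ExecEngine: include the function files, then repeatedly check the
 * rules maintained by the ExecEngine role and fix their violations.
 *
 * Loop control lives in static properties (self::$doRun, self::$runCount,
 * self::$autoRerun). self::$doRun is assumed to be true when this method is
 * entered (its initial value is set outside this method); a rerun is scheduled
 * only when violations were fixed and 'autoRerun' is enabled, and reruns are
 * capped by the 'maxRunCount' setting.
 *
 * @param bool $allRules when true, every rule maintained by the role is checked;
 *                       otherwise only rules whose conjuncts are affected by the
 *                       current database changes
 * @return void
 */
public static function run($allRules = false)
{
    $database = Database::singleton();
    $logger = Logger::getLogger('EXECENGINE');
    $logger->info("ExecEngine run started");

    // Load the execEngine functions. Every '.php' file in this directory is
    // executed as trusted code, so the directory must be writable only by
    // deployers, never by the web server user or application users.
    $files = getDirectoryList(__DIR__ . '/functions');
    foreach ($files as $file) {
        // Require the '.php' extension itself, not just any name ending in "php"
        if (substr($file, -4) !== '.php') {
            continue;
        }
        $path = __DIR__ . '/functions/' . $file;
        require_once $path;
        $logger->debug("Included file: {$path}");
    }

    self::$roleName = Config::get('execEngineRoleName', 'execEngine');
    try {
        $role = Role::getRoleByName(self::$roleName);
    } catch (Exception $e) {
        // Without the role there is nothing to maintain: the loop below is skipped
        $logger->warning("ExecEngine extension included but role '" . self::$roleName . "' not used/defined in &-script.");
        self::$doRun = false; // prevent exec engine execution
    }

    $maxRunCount = Config::get('maxRunCount', 'execEngine');
    self::$runCount = 0;
    self::$autoRerun = Config::get('autoRerun', 'execEngine');

    // Ids of the rules that had violations in the most recent iteration;
    // reported when the rerun cap is hit
    $rulesThatHaveViolations = array();
    while (self::$doRun) {
        self::$doRun = false;
        self::$runCount++;

        // Prevent infinite loop in ExecEngine reruns
        if (self::$runCount > $maxRunCount) {
            Logger::getUserLogger()->error('Maximum reruns exceeded for ExecEngine (rules with violations:' . implode(', ', $rulesThatHaveViolations) . ')');
            break;
        }

        $logger->notice("ExecEngine run #" . self::$runCount . " (auto rerun: " . var_export(self::$autoRerun, true) . ") for role '{$role->label}'");

        // Determine affected rules that must be checked by the exec engine
        $affectedConjuncts = RuleEngine::getAffectedConjuncts($database->getAffectedConcepts(), $database->getAffectedRelations(), 'sig');
        $affectedRules = array();
        foreach ($affectedConjuncts as $conjunct) {
            $affectedRules = array_merge($affectedRules, $conjunct->sigRuleNames);
        }

        // Check rules
        $rulesThatHaveViolations = array();
        foreach ($role->maintains() as $ruleName) {
            // Skip rules that are not affected, unless all rules were requested.
            // Rule names are compared strictly to avoid loose string/number matching.
            if (!in_array($ruleName, $affectedRules, true) && !$allRules) {
                continue;
            }

            $rule = Rule::getRule($ruleName);
            $violations = $rule->getViolations(false);
            if (count($violations)) {
                $rulesThatHaveViolations[] = $rule->id;

                // Fix violations for every rule
                $logger->notice("ExecEngine fixing " . count($violations) . " violations for rule '{$rule->id}'");
                self::fixViolations($violations);
                // Conjunct violations are not cached, because they are fixed by the ExecEngine
                $logger->debug("Fixed " . count($violations) . " violations for rule '{$rule->__toString()}'");

                // If $autoRerun, set $doRun to true because violations have been fixed
                // (this may fire other execEngine rules)
                if (self::$autoRerun) {
                    self::$doRun = true;
                }
            }
        }
    }

    $logger->info("ExecEngine run completed");
}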
/**
 * Session roles: the roles allowed for the currently logged-in user when
 * login is enabled, or every defined role otherwise. The result is computed
 * once and cached in $this->sessionRoles.
 *
 * @return Role[]
 */
public function getSessionRoles()
{
    if (isset($this->sessionRoles)) {
        return $this->sessionRoles;
    }

    if (!Config::get('loginEnabled')) {
        // No login: every defined role is a session role
        $this->sessionRoles = Role::getAllRoles();
        return $this->sessionRoles;
    }

    $this->logger->debug("Getting interface 'SessionRoles' for {$this->sessionAtom->__toString()}");

    // Labels of the roles granted to this session, read through the 'SessionRoles' interface
    $grantedLabels = array();
    foreach ($this->sessionAtom->ifc('SessionRoles')->getTgtAtoms() as $tgtAtom) {
        $grantedLabels[] = $tgtAtom->id;
    }

    // Keep only the defined roles whose label was granted (non-strict in_array, unchanged)
    $granted = array_filter(Role::getAllRoles(), function ($role) use ($grantedLabels) {
        return in_array($role->label, $grantedLabels);
    });
    $this->sessionRoles = array_values($granted);

    return $this->sessionRoles;
}