/** * Returns a list of Permission domain objects for the given user. * * @param UmgtUser $user the user object * * @return UmgtPermission[] $permissions the user's permissions * * @author Christian Achatz * @version * Version 0.1, 29.12.2008<br /> * Version 0.2, 02.01.2009 (Implemented the method)<br /> */ public function loadUserPermissions(UmgtUser $user) { $orm = $this->getORMapper(); // load all roles by the user itself and it's groups $select = 'SELECT DISTINCT `ent_role`.`RoleID` FROM `ent_role` INNER JOIN `ass_role2user` ON `ent_role`.`RoleID` = `ass_role2user`.`Source_RoleID` INNER JOIN `ent_user` ON `ass_role2user`.`Target_UserID` = `ent_user`.`UserID` WHERE `ent_user`.`UserID` = \'' . $user->getObjectId() . '\';'; /* @var $roles UmgtRole[] */ $roles = $orm->loadObjectListByTextStatement('Role', $select); $groups = $this->loadGroupsWithUser($user); foreach ($groups as $group) { $select = 'SELECT DISTINCT `ent_role`.`RoleID` FROM `ent_role` INNER JOIN `ass_role2group` ON `ent_role`.`RoleID` = `ass_role2group`.`Source_RoleID` INNER JOIN `ent_group` ON `ass_role2group`.`Target_GroupID` = `ent_group`.`GroupID` WHERE `ent_group`.`GroupID` = \'' . $group->getObjectId() . '\';'; $roles = array_merge($roles, $orm->loadObjectListByTextStatement('Role', $select)); } // we can use array_unique() here, because GenericORMapperDataObject implements __toString() method $roles = array_unique($roles); $permissions = []; foreach ($roles as $role) { $select = 'SELECT DISTINCT `ent_permission`.* FROM `ent_permission` INNER JOIN `ass_role2permission` ON `ent_permission`.`PermissionID` = `ass_role2permission`.`Target_PermissionID` INNER JOIN `ent_role` ON `ass_role2permission`.`Source_RoleID` = `ent_role`.`RoleID` WHERE `ent_role`.`RoleID` = \'' . $role->getObjectId() . '\';'; $permissions = array_merge($permissions, $orm->loadObjectListByTextStatement('Permission', $select)); } // due to the fact, that unique'ing the array is a cost-intensive operation, we agreed to return a // duplicate set of permissions. return $permissions; }