/** * Apply authz rules for who may manage. * * @param AIR2_Query $q * @param User $u * @param string $alias (optional) */ public static function query_may_manage(AIR2_Query $q, User $u, $alias = null) { if ($u->is_system()) { return; } $a = $alias ? "{$alias}." : ""; $user_id = $u->user_id; $prjq = $q->createSubquery(); $prjq->select('prj.prj_id'); $prjq->from('Project prj'); Project::query_may_manage($prjq, $u); $q->addWhere("{$a}prjan_prj_id IN (" . $prjq->getDql() . ")"); $q->addWhere("{$a}prjan_cre_user = ?", $u->user_id); }