static function getPolicies($module_component = '', $username = '')
{
if (empty($module_component)) {
return array();
}
$module_component = strtolower($module_component);
$permissions = new SystemPolicyControlListCollection();
$permissions->setViewName('sys_object_access_control_list');
if (!defined('EGS_COMPANY_ID')) {
$sh = new SearchHandler($permissions, false, FALSE);
} else {
$sh = new SearchHandler($permissions, false);
}
$sh->addConstraint(new Constraint('module_component', '=', $module_component));
$system = System::Instance();
$cc = new ConstraintChain();
$cc1 = new ConstraintChain();
$cc1->add(new Constraint('access_type', '=', 'Role'));
$roles = $system->access->roles;
if (count($roles) > 0) {
$cc1->add(new Constraint('access_object_id', 'IN', '(' . implode(',', $roles) . ')'), 'AND');
}
$cc->add($cc1, 'AND');
$context = $system->getContext();
$cc2 = new ConstraintChain();
$cc2->add(new Constraint('access_type', '=', 'Permission'));
if (count($context) > 0) {
foreach ($context as $permission_context) {
$context_id[] = $permission_context['id'];
}
$cc2->add(new Constraint('access_object_id', 'IN', '(' . implode(',', $context_id) . ')'), 'AND');
}
$cc->add($cc2, 'OR');
$sh->addConstraint($cc);
// echo 'SystemPolicyPermissionCollection::getPermissions constraint='.$sh->constraints->__toString().'<br>';
return $permissions->load($sh, null, RETURN_ROWS);
}
function setPolicyConstraint($module_component = '', $field = '')
{
//echo 'DataObject('.get_class($this).')::setPolicyConstraint module component '.$module_component.'<br>';
if (!SYSTEM_POLICIES_ENABLED || empty($module_component)) {
return;
}
if (isLoggedIn() && defined('EGS_USERNAME')) {
if (!isset($this->_policyConstraint['constraint']) || !$this->_policyConstraint['constraint'] instanceof ConstraintChain) {
$this->_policyConstraint['constraint'] = new ConstraintChain();
}
$module_component = strtolower($module_component);
$rows = SystemPolicyControlListCollection::getPolicies($module_component, EGS_USERNAME);
if (!empty($rows)) {
foreach ($rows as $value) {
if (empty($value['value'])) {
$value['value'] = 'NULL';
} elseif ($value['value'] == "'NULL'") {
$value['value'] = 'NULL';
}
if (strtolower(get_class($this)) == $module_component) {
// Policy is for this dataobject so just add the constraint
$this->_policyConstraint['constraint']->add(new Constraint($value['fieldname'], $value['operator'], $value['value']), $value['type'], $value['allowed'] === 't' ? FALSE : TRUE);
$this->_policyConstraint['name'][] = ($value['allowed'] === 't' ? '' : 'not ') . $value['name'];
$this->_policyConstraint['field'][] = $value['fieldname'];
if ($value['operator'] == '=' && $value['allowed'] !== 't' || $value['operator'] == '!=' && $value['allowed'] === 't') {
// save this value to check when creating enumerated arrays
$this->enumCheck[$value['fieldname']][$value['value']] = '';
}
} else {
$fk_model = DataObjectFactory::Factory($module_component);
//echo 'DataObject('.get_class($this).')::setPolicyConstraint FK Model:'.$module_component.' field:'.$field.'<pre>'.print_r($value, true).'</pre><br>';
if (!empty($field) && $fk_model->idField == $value['fieldname']) {
// Policy is for foreign key primary key value
$c = new Constraint($field, $value['operator'], $value['value']);
if (!$this->_policyConstraint['constraint']->find($c)) {
$this->_policyConstraint['constraint']->add($c, $value['type'], $value['allowed'] === 't' ? FALSE : TRUE);
$this->_policyConstraint['name'][] = $value['allowed'] === 't' ? $value['name'] : 'not ' . $value['name'];
$this->_policyConstraint['field'][] = $field;
}
} else {
// Policy is for foreign key on non primary key field
// so need to add constraint as subquery; this may be inefficient in large data sets!
$sql = 'select ' . $fk_model->idField . ' from ' . $fk_model->getTablename() . ' where ' . $fk_model->_policyConstraint['constraint']->__toString();
$c = new Constraint($field, 'IN', '(' . $sql . ')');
if (!$this->_policyConstraint['constraint']->find($c)) {
$this->_policyConstraint['constraint']->add($c, $value['type']);
$this->_policyConstraint['name'][] = implode(',', $fk_model->_policyConstraint['name']);
$this->_policyConstraint['field'][] = $field;
}
}
}
}
}
}
}
