static function getPolicies($module_component = '', $username = '') { if (empty($module_component)) { return array(); } $module_component = strtolower($module_component); $permissions = new SystemPolicyControlListCollection(); $permissions->setViewName('sys_object_access_control_list'); if (!defined('EGS_COMPANY_ID')) { $sh = new SearchHandler($permissions, false, FALSE); } else { $sh = new SearchHandler($permissions, false); } $sh->addConstraint(new Constraint('module_component', '=', $module_component)); $system = System::Instance(); $cc = new ConstraintChain(); $cc1 = new ConstraintChain(); $cc1->add(new Constraint('access_type', '=', 'Role')); $roles = $system->access->roles; if (count($roles) > 0) { $cc1->add(new Constraint('access_object_id', 'IN', '(' . implode(',', $roles) . ')'), 'AND'); } $cc->add($cc1, 'AND'); $context = $system->getContext(); $cc2 = new ConstraintChain(); $cc2->add(new Constraint('access_type', '=', 'Permission')); if (count($context) > 0) { foreach ($context as $permission_context) { $context_id[] = $permission_context['id']; } $cc2->add(new Constraint('access_object_id', 'IN', '(' . implode(',', $context_id) . ')'), 'AND'); } $cc->add($cc2, 'OR'); $sh->addConstraint($cc); // echo 'SystemPolicyPermissionCollection::getPermissions constraint='.$sh->constraints->__toString().'<br>'; return $permissions->load($sh, null, RETURN_ROWS); }
function setPolicyConstraint($module_component = '', $field = '') { //echo 'DataObject('.get_class($this).')::setPolicyConstraint module component '.$module_component.'<br>'; if (!SYSTEM_POLICIES_ENABLED || empty($module_component)) { return; } if (isLoggedIn() && defined('EGS_USERNAME')) { if (!isset($this->_policyConstraint['constraint']) || !$this->_policyConstraint['constraint'] instanceof ConstraintChain) { $this->_policyConstraint['constraint'] = new ConstraintChain(); } $module_component = strtolower($module_component); $rows = SystemPolicyControlListCollection::getPolicies($module_component, EGS_USERNAME); if (!empty($rows)) { foreach ($rows as $value) { if (empty($value['value'])) { $value['value'] = 'NULL'; } elseif ($value['value'] == "'NULL'") { $value['value'] = 'NULL'; } if (strtolower(get_class($this)) == $module_component) { // Policy is for this dataobject so just add the constraint $this->_policyConstraint['constraint']->add(new Constraint($value['fieldname'], $value['operator'], $value['value']), $value['type'], $value['allowed'] === 't' ? FALSE : TRUE); $this->_policyConstraint['name'][] = ($value['allowed'] === 't' ? '' : 'not ') . $value['name']; $this->_policyConstraint['field'][] = $value['fieldname']; if ($value['operator'] == '=' && $value['allowed'] !== 't' || $value['operator'] == '!=' && $value['allowed'] === 't') { // save this value to check when creating enumerated arrays $this->enumCheck[$value['fieldname']][$value['value']] = ''; } } else { $fk_model = DataObjectFactory::Factory($module_component); //echo 'DataObject('.get_class($this).')::setPolicyConstraint FK Model:'.$module_component.' field:'.$field.'<pre>'.print_r($value, true).'</pre><br>'; if (!empty($field) && $fk_model->idField == $value['fieldname']) { // Policy is for foreign key primary key value $c = new Constraint($field, $value['operator'], $value['value']); if (!$this->_policyConstraint['constraint']->find($c)) { $this->_policyConstraint['constraint']->add($c, $value['type'], $value['allowed'] === 't' ? FALSE : TRUE); $this->_policyConstraint['name'][] = $value['allowed'] === 't' ? $value['name'] : 'not ' . $value['name']; $this->_policyConstraint['field'][] = $field; } } else { // Policy is for foreign key on non primary key field // so need to add constraint as subquery; this may be inefficient in large data sets! $sql = 'select ' . $fk_model->idField . ' from ' . $fk_model->getTablename() . ' where ' . $fk_model->_policyConstraint['constraint']->__toString(); $c = new Constraint($field, 'IN', '(' . $sql . ')'); if (!$this->_policyConstraint['constraint']->find($c)) { $this->_policyConstraint['constraint']->add($c, $value['type']); $this->_policyConstraint['name'][] = implode(',', $fk_model->_policyConstraint['name']); $this->_policyConstraint['field'][] = $field; } } } } } } }