/** * Determines if the database is searchable by user * * @param Xerxes_Data_Database $db * @param Xerxes_Framework_Request $objRequest Xerxes request object * @param Xerxes_Framework_Registry $objRegistry Xerxes registry object * @return unknown */ public static function dbSearchableForUser(Xerxes_Data_Database $db, $objRequest, $objRegistry) { $allowed = ""; if ($db->searchable != 1) { //nobody can search it! $allowed = false; } elseif ($db->guest_access != "") { //anyone can search it! $allowed = true; } elseif (count($db->group_restrictions) > 0) { // they have to be authenticated, and in a group that is included // in the restrictions, or in an ip address associated with a // restricted group. $allowed = Xerxes_Framework_Restrict::isAuthenticatedUser($objRequest) && array_intersect($_SESSION["user_groups"], $db->group_restrictions); if (!$allowed) { // not by virtue of a login, but now check for ip address $ranges = array(); foreach ($db->get("group_restrictions") as $group) { $ranges[] = $objRegistry->getGroupLocalIpRanges($group); } $allowed = Xerxes_Framework_Restrict::isIpAddrInRanges($objRequest->getServer('REMOTE_ADDR'), implode(",", $ranges)); } } else { // ordinary generally restricted resource. they need to be // an authenticated user, or in the local ip range. if (Xerxes_Framework_Restrict::isAuthenticatedUser($objRequest) || Xerxes_Framework_Restrict::isIpAddrInRanges($objRequest->getServer('REMOTE_ADDR'), $objRegistry->getConfig("LOCAL_IP_RANGE"))) { $allowed = true; } } return $allowed; }