/**
* Determines if the database is searchable by user
*
* @param Xerxes_Data_Database $db
* @param Xerxes_Framework_Request $objRequest Xerxes request object
* @param Xerxes_Framework_Registry $objRegistry Xerxes registry object
* @return unknown
*/
public static function dbSearchableForUser(Xerxes_Data_Database $db, $objRequest, $objRegistry)
{
$allowed = "";
if ($db->searchable != 1) {
//nobody can search it!
$allowed = false;
} elseif ($db->guest_access != "") {
//anyone can search it!
$allowed = true;
} elseif (count($db->group_restrictions) > 0) {
// they have to be authenticated, and in a group that is included
// in the restrictions, or in an ip address associated with a
// restricted group.
$allowed = Xerxes_Framework_Restrict::isAuthenticatedUser($objRequest) && array_intersect($_SESSION["user_groups"], $db->group_restrictions);
if (!$allowed) {
// not by virtue of a login, but now check for ip address
$ranges = array();
foreach ($db->get("group_restrictions") as $group) {
$ranges[] = $objRegistry->getGroupLocalIpRanges($group);
}
$allowed = Xerxes_Framework_Restrict::isIpAddrInRanges($objRequest->getServer('REMOTE_ADDR'), implode(",", $ranges));
}
} else {
// ordinary generally restricted resource. they need to be
// an authenticated user, or in the local ip range.
if (Xerxes_Framework_Restrict::isAuthenticatedUser($objRequest) || Xerxes_Framework_Restrict::isIpAddrInRanges($objRequest->getServer('REMOTE_ADDR'), $objRegistry->getConfig("LOCAL_IP_RANGE"))) {
$allowed = true;
}
}
return $allowed;
}
