/** * @brief Retrieve the explicitly defined access record. * * This function is used internally to retrieve a complete list of roles * with the defined access modifiers included. * * @param String $suuid The subject UUID * @param String $ouuid The object UUID * @return Array The access record */ private static function getExplicitAccessRecord($suuid, $ouuid, $rlist) { $db = new DatabaseConnection(); $rolesraw = $db->getRows("SELECT role,access FROM aclconf WHERE object=%s AND subject=%s", $ouuid, $suuid); $rolesraw = arr::flip($rolesraw, 'role'); // Translate access into tristate booleans foreach ($rlist as $role) { if (arr::hasKey($rolesraw, $role)) { $rf = $rolesraw[$role]['access']; if ($rf == 'Y') { $access = self::ACL_ALLOW; } elseif ($rf == 'N') { $access = self::ACL_DENY; } else { $access = self::ACL_NULL; } } else { $access = self::ACL_NULL; } $roles[$role] = $access; } return $roles; }