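/**
 * Decide whether a user satisfies this object's access policy for the given criteria.
 *
 * Result by path, in the order the code evaluates them:
 *  - true  when $criteria is empty, $this->xpdo is not a modX instance, or the
 *          session state is not modX::SESSION_STATE_INITIALIZED (the check is skipped);
 *  - true  when the user's 'sudo' field is truthy (no policy is evaluated);
 *  - true  when findPolicy() returns nothing for this object;
 *  - false when the user has no attributes for $targets;
 *  - true  when an ACL entry of the user names the same principal as an applicable
 *          policy, its authority is <= the policy's authority, and either the policy
 *          carries no policy data or every $criteria pair is present in both the
 *          entry's data and the policy's data;
 *  - false otherwise.
 *
 * Security note: three of the paths above grant access without evaluating any
 * policy (fail-open). Callers that need deny-by-default must not treat a true
 * result as proof that a policy was matched.
 *
 * @param string|array $criteria A single permission key, or an array of key => value
 *                               pairs. A scalar is expanded to array("{$criteria}" => true).
 * @param mixed        $targets  Passed unchanged to modUser::getAttributes().
 * @param modUser|null $user     User to evaluate; defaults to $this->xpdo->user.
 * @return bool True if access is granted, false if it is denied.
 */
public function checkPolicy($criteria, $targets = null, modUser $user = null) {
    if (!$user) {
        // NOTE(review): nothing here verifies that $this->xpdo->user is set; a null
        // user would fail on the sudo check below — confirm callers guarantee it.
        $user =& $this->xpdo->user;
    }

    // Fail-open: without criteria or an initialized modX session nothing is checked.
    if (!$criteria || !($this->xpdo instanceof modX) || $this->xpdo->getSessionState() != modX::SESSION_STATE_INITIALIZED) {
        return true;
    }

    // sudo users bypass policy evaluation entirely.
    if ($user->get('sudo')) {
        return true;
    }

    if (!is_array($criteria) && is_scalar($criteria)) {
        $criteria = array("{$criteria}" => true);
    }

    // Fail-open: an object with no policy attached is accessible to everyone.
    $policy = $this->findPolicy();
    if (empty($policy)) {
        return true;
    }

    // A policy exists from here on, so every remaining path denies unless an ACL entry matches.
    $principal = $user->getAttributes($targets);
    if (empty($principal)) {
        return false;
    }

    foreach ($policy as $policyAccess => $access) {
        foreach ($access as $targetId => $targetPolicy) {
            foreach ($targetPolicy as $applicablePolicy) {
                if ($this->xpdo->getDebug() === true) {
                    // The user may have no entries for this access class; guard the lookup
                    // so debug mode does not raise an undefined-index notice mid-check.
                    // This dumps the full policy and the user's ACL entries into the log,
                    // so debug mode should stay off where logs are not access-controlled.
                    $principalAcls = isset($principal[$policyAccess]) ? $principal[$policyAccess] : null;
                    $this->xpdo->log(
                        xPDO::LOG_LEVEL_DEBUG,
                        'target pk=' . $this->getPrimaryKey()
                        . '; evaluating policy: ' . print_r($applicablePolicy, 1)
                        . ' against principal for user id=' . $user->id
                        . ': ' . print_r($principalAcls, 1)
                    );
                }

                if (!isset($principal[$policyAccess][$targetId]) || !is_array($principal[$policyAccess][$targetId])) {
                    continue;
                }

                foreach ($principal[$policyAccess][$targetId] as $acl) {
                    $principalAuthority = intval($acl['authority']);
                    $principalPolicyData = $acl['policy'];
                    $principalId = $acl['principal'];

                    // Loose comparison kept on purpose: presumably ids can arrive as numeric
                    // strings — confirm before tightening to ===.
                    if ($applicablePolicy['principal'] != $principalId) {
                        continue;
                    }
                    // The entry qualifies only when its authority value is not greater than the policy's.
                    if (!($principalAuthority <= $applicablePolicy['authority'])) {
                        continue;
                    }
                    // A policy without policy data grants access on principal and authority alone.
                    if (!$applicablePolicy['policy']) {
                        return true;
                    }
                    if (empty($principalPolicyData)) {
                        $principalPolicyData = array();
                    }

                    // Permissions present, with the same value, in both the user's entry and the policy.
                    $matches = array_intersect_assoc($principalPolicyData, $applicablePolicy['policy']);
                    if (!$matches) {
                        continue;
                    }
                    if ($this->xpdo->getDebug() === true) {
                        $this->xpdo->log(modX::LOG_LEVEL_DEBUG, 'Evaluating policy matches: ' . print_r($matches, 1));
                    }

                    // Grant only when no requested criterion is left unmatched.
                    $unmet = array_diff_assoc($criteria, $matches);
                    if (empty($unmet)) {
                        return true;
                    }
                }
            }
        }
    }

    return false;
}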