Example #1
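 /**
  * Run the ExecEngine: repeatedly check the rules maintained by the ExecEngine
  * role and fix their violations, until no rerun is requested or the
  * configured maximum number of runs is exceeded.
  *
  * @param bool $allRules when true, every rule maintained by the role is checked;
  *                       otherwise only rules affected by the current changes
  * @return void
  */
 public static function run($allRules = false)
 {
     $database = Database::singleton();
     $logger = Logger::getLogger('EXECENGINE');
     $logger->info("ExecEngine run started");

     // Load the ExecEngine functions.
     // SECURITY: every PHP file found in this directory is executed with the
     // privileges of the application. The directory must therefore be writable
     // only by trusted deployers, never by the web server user or via uploads.
     $functionsDir = __DIR__ . '/functions';
     foreach (getDirectoryList($functionsDir) as $file) {
         // Require a real ".php" extension. Comparing only the last three
         // characters would also accept names such as "backupphp".
         if (pathinfo($file, PATHINFO_EXTENSION) !== 'php') {
             continue;
         }
         $path = $functionsDir . '/' . $file;
         require_once $path;
         $logger->debug("Included file: {$path}");
     }

     self::$roleName = Config::get('execEngineRoleName', 'execEngine');
     try {
         $role = Role::getRoleByName(self::$roleName);
     } catch (Exception $e) {
         $logger->warning("ExecEngine extension included but role '" . self::$roleName . "' not used/defined in &-script.");
         // Prevent exec engine execution: the loop below is not entered,
         // so the undefined $role is never read.
         self::$doRun = false;
     }

     $maxRunCount = Config::get('maxRunCount', 'execEngine');
     self::$runCount = 0;
     self::$autoRerun = Config::get('autoRerun', 'execEngine');

     // Names of the rules that had violations in the most recent run
     $rulesThatHaveViolations = array();
     while (self::$doRun) {
         self::$doRun = false;
         self::$runCount++;

         // Prevent infinite loop in ExecEngine reruns
         if (self::$runCount > $maxRunCount) {
             Logger::getUserLogger()->error('Maximum reruns exceeded for ExecEngine (rules with violations:' . implode(', ', $rulesThatHaveViolations) . ')');
             break;
         }

         $logger->notice("ExecEngine run #" . self::$runCount . " (auto rerun: " . var_export(self::$autoRerun, true) . ") for role '{$role->label}'");

         // Determine affected rules that must be checked by the exec engine
         $affectedConjuncts = RuleEngine::getAffectedConjuncts($database->getAffectedConcepts(), $database->getAffectedRelations(), 'sig');
         $affectedRules = array();
         foreach ($affectedConjuncts as $conjunct) {
             $affectedRules = array_merge($affectedRules, $conjunct->sigRuleNames);
         }

         // Check rules
         $rulesThatHaveViolations = array();
         foreach ($role->maintains() as $ruleName) {
             // Skip this rule when it is not affected, unless all rules were requested.
             // NOTE(review): in_array() compares loosely here; presumably both
             // sides are strings - confirm before switching to strict mode.
             if (!in_array($ruleName, $affectedRules) && !$allRules) {
                 continue;
             }

             $rule = Rule::getRule($ruleName);
             $violations = $rule->getViolations(false);
             if (count($violations)) {
                 $rulesThatHaveViolations[] = $rule->id;

                 // Fix violations for every rule
                 $logger->notice("ExecEngine fixing " . count($violations) . " violations for rule '{$rule->id}'");
                 self::fixViolations($violations);
                 // Conjunct violations are not cached, because they are fixed by the ExecEngine
                 $logger->debug("Fixed " . count($violations) . " violations for rule '{$rule->__toString()}'");

                 // If $autoRerun, set $doRun to true because violations have been fixed (this may fire other execEngine rules)
                 if (self::$autoRerun) {
                     self::$doRun = true;
                 }
             }
         }
     }
     $logger->info("ExecEngine run completed");
 }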
Example #2
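 /**
  * Get session roles (i.e. allowed roles for the current logged-in user if login is enabled, or all roles otherwise).
  *
  * The result is computed once and cached in $this->sessionRoles.
  *
  * @return Role[]
  */
 public function getSessionRoles()
 {
     // Return the cached result when it has already been computed
     if (isset($this->sessionRoles)) {
         return $this->sessionRoles;
     }

     if (Config::get('loginEnabled')) {
         $this->logger->debug("Getting interface 'SessionRoles' for {$this->sessionAtom->__toString()}");

         // Normalise the ids to strings so the membership test below can be strict
         $sessionRoleLabels = array_map(function ($o) {
             return (string) $o->id;
         }, $this->sessionAtom->ifc('SessionRoles')->getTgtAtoms());

         $sessionRoles = array();
         foreach (Role::getAllRoles() as $role) {
             // This is an authorization decision, so compare strictly: a loose
             // in_array() treats numeric-looking labels such as "1e3" and "1000"
             // as equal and could grant a role the session does not hold.
             if (in_array((string) $role->label, $sessionRoleLabels, true)) {
                 $sessionRoles[] = $role;
             }
         }
     } else {
         // Login disabled: every role is granted, so the 'loginEnabled' setting
         // is effectively the switch for all role-based access control.
         $sessionRoles = Role::getAllRoles();
     }

     $this->sessionRoles = $sessionRoles;
     return $this->sessionRoles;
 }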