/** * get objects acl list * @param $p client side request params with field config * @param boolean $inherited flag to include inherited rules also * @return array json responce */ public function getObjectAcl($p, $inherited = true) { $rez = array('success' => true, 'data' => array(), 'name' => ''); if (!is_numeric($p['id'])) { return $rez; } if (empty($this->internalAccessing) && !Security::canRead($p['id'])) { throw new \Exception(L\get('Access_denied')); } /* set object title, path and inheriting access ids path*/ $obj_ids = array(); $res = DB\dbQuery('SELECT ti.`path` ,t.name ,t.inherit_acl ,ts.`set` `obj_ids` FROM tree t JOIN tree_info ti ON t.id = ti.id LEFT JOIN tree_acl_security_sets ts ON ti.security_set_id = ts.id WHERE t.id = $1', $p['id']) or die(DB\dbQueryError()); if ($r = $res->fetch_assoc()) { $rez['path'] = Path::replaceCustomNames($r['path']); $rez['name'] = Path::replaceCustomNames($r['name']); $rez['inherit_acl'] = $r['inherit_acl']; $obj_ids = explode(',', $r['obj_ids']); } $res->close(); /* end of set object title and path*/ /* get the full set of access credentials(users and/or groups) including inherited from parents */ $lid = Config::get('user_language_index', 1); $res = DB\dbQuery('SELECT DISTINCT u.id ,u.`name` ,u.`first_name` ,u.`last_name` ,u.`system` ,u.`enabled` ,u.`type` ,u.`sex` FROM tree_acl a JOIN users_groups u ON a.user_group_id = u.id WHERE a.node_id ' . ($inherited ? ' in (0' . implode(',', $obj_ids) . ')' : ' = $1 ') . ' ORDER BY u.`type`, 2', $p['id']) or die(DB\dbQueryError()); while ($r = $res->fetch_assoc()) { $r['user_group_id'] = $r['id']; $r['name'] = User::getDisplayName($r); $r['iconCls'] = $r['type'] == 1 ? 'icon-users' : 'icon-user-' . $r['sex']; unset($r['sex']); $access = $this->getUserGroupAccessForObject($p['id'], $r['id']); $r['allow'] = implode(',', $access[0]); $r['deny'] = implode(',', $access[1]); $rez['data'][] = $r; } $res->close(); /* end of get the full set of access credentials(users and/or groups) including inherited from parents */ return $rez; }