public function checkActionAccessByGroups(action $action, array $groups) { static $groupMapper; profiler::addStack('acl::check'); $actionAclGroups = $action->getAcl(); $actionAclGroups[] = $action->getAclGroupName(); $actionAclGroups[] = aclManager::ACL__GROUP_ROOT; $actionAclGroups = array_unique($actionAclGroups, SORT_ASC); $actionGroupsCacheKey = 'acl/groups/' . md5(implode(',', $actionAclGroups)); $actionGroups = cache::getCached($actionGroupsCacheKey); if (!$actionGroups) { if ($groupMapper === null) { $groupMapper = groupMapper::getInstance(); } $cursor = $groupMapper->getAllBy([groupMapper::FIELD__GROUP_ALIAS => ['$in' => $actionAclGroups]]); $actionGroups = $this->expandGroupsByCursor($cursor); cache::setCached($actionGroupsCacheKey, $actionGroups, 3600); } $groups = array_unique($groups, SORT_ASC); $userGroupsCacheKey = 'acl/groups/' . md5(implode(',', $groups)); $userGroups = cache::getCached($userGroupsCacheKey); if (!$userGroups) { if ($groupMapper === null) { $groupMapper = groupMapper::getInstance(); } $cursor = $groupMapper->getAllBy([groupMapper::FIELD__GROUP_ALIAS => ['$in' => $groups]]); $userGroups = $this->expandGroupsByCursor($cursor); cache::setCached($userGroupsCacheKey, $userGroups, 3600); } $found = array_intersect($userGroups, $actionGroups); if (count($found) > 0) { return self::success($found, self::ACL__OK); } else { return self::error(['message' => 'Forbidden'], self::ACL__FORBIDDEN); } }