Get the entities on which a user has a right
static public getForUser ( $user_ID, $only_dynamic = false ) : array | ||
$user_ID | user ID | |
$only_dynamic | get only recursive rights (false by default) | |
Returns | array | of entity IDs |
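/**
 * Apply rules to determine dynamic rights of the user
 *
 * Reconciles the dynamic Profile_User rows stored for this user with the
 * assignments carried in $this->input['_ldap_rules']:
 *  - assignments present in both places are left untouched,
 *  - assignments only present in the rule output are added,
 *  - stored dynamic rows that the rule output no longer contains are deleted.
 *
 * The method only acts when '_ruleright_process' is set in $this->fields or
 * $this->input and the account's authtype is Auth::LDAP, Auth::MAIL or an
 * alternate authentication type. When that gate passes but no usable
 * '_ldap_rules' entry exists, every stored dynamic row for the user is
 * deleted and false is returned.
 *
 * NOTE(review): profile and entity IDs from '_ldap_rules' are written to
 * Profile_User without further validation here, and both '_ldap_rules' and
 * '_ruleright_process' are read from $this->input. Confirm that every code
 * path filling $this->input from request data strips these keys, so that
 * only the authentication / rule engine can set them.
 *
 * @return boolean : true if we play the Rule Engine
 **/
function applyRightRules() {

    $return = false;

    if ((isset($this->fields['_ruleright_process'])
         || isset($this->input['_ruleright_process']))
        && isset($this->fields["authtype"])
        && ($this->fields["authtype"] == Auth::LDAP
            || $this->fields["authtype"] == Auth::MAIL
            || Auth::isAlternateAuth($this->fields["authtype"]))) {

        // Dynamic assignments currently stored for the user. Whatever is still
        // in this array at the end of the method is deleted.
        $dynamic_profiles = Profile_User::getForUser($this->fields["id"], true);

        if (isset($this->fields["id"])
            && $this->fields["id"] > 0
            && isset($this->input["_ldap_rules"])
            && count($this->input["_ldap_rules"])) {

            //and add/update/delete only if it's necessary !
            if (isset($this->input["_ldap_rules"]["rules_entities_rights"])) {
                $entities_rules = $this->input["_ldap_rules"]["rules_entities_rights"];
            } else {
                $entities_rules = array();
            }

            if (isset($this->input["_ldap_rules"]["rules_entities"])) {
                $entities = $this->input["_ldap_rules"]["rules_entities"];
            } else {
                $entities = array();
            }

            if (isset($this->input["_ldap_rules"]["rules_rights"])) {
                $rights = $this->input["_ldap_rules"]["rules_rights"];
            } else {
                $rights = array();
            }

            $retrieved_dynamic_profiles = array();

            // Explicit (entity, profile, recursive) triples produced by the rules.
            foreach ($entities_rules as $entity) {
                if (is_array($entity[0])) {
                    // Multiple entities assigned by a single rule result
                    foreach ($entity[0] as $ent) {
                        $affectation['entities_id']  = $ent;
                        $affectation['profiles_id']  = $entity[1];
                        $affectation['is_recursive'] = $entity[2];
                        $affectation['users_id']     = $this->fields['id'];
                        $affectation['is_dynamic']   = 1;
                        $retrieved_dynamic_profiles[] = $affectation;
                    }
                } else {
                    $affectation['entities_id']  = $entity[0];
                    $affectation['profiles_id']  = $entity[1];
                    $affectation['is_recursive'] = $entity[2];
                    $affectation['users_id']     = $this->fields['id'];
                    $affectation['is_dynamic']   = 1;
                    $retrieved_dynamic_profiles[] = $affectation;
                }
            }

            // Entities without any profile fall back to the default profile,
            // when Profile::getDefault() returns one.
            if (count($entities) > 0 && count($rights) == 0) {
                if ($def_prof = Profile::getDefault()) {
                    $rights[] = $def_prof;
                }
            }

            // Every standalone profile is granted on every standalone entity.
            if (count($rights) > 0 && count($entities) > 0) {
                foreach ($rights as $right) {
                    foreach ($entities as $entity) {
                        $affectation['entities_id']  = $entity[0];
                        $affectation['profiles_id']  = $right;
                        $affectation['users_id']     = $this->fields['id'];
                        $affectation['is_recursive'] = $entity[1];
                        $affectation['is_dynamic']   = 1;
                        $retrieved_dynamic_profiles[] = $affectation;
                    }
                }
            }

            // Compare retrieved profiles to existing ones : clean arrays to do purge and add
            if (count($retrieved_dynamic_profiles)) {
                foreach ($retrieved_dynamic_profiles as $keyretr => $retr_profile) {
                    $found = false;

                    foreach ($dynamic_profiles as $keydb => $db_profile) {
                        // Found existing profile : unset values in array
                        if (!$found
                            && $db_profile['entities_id'] == $retr_profile['entities_id']
                            && $db_profile['profiles_id'] == $retr_profile['profiles_id']
                            && $db_profile['is_recursive'] == $retr_profile['is_recursive']) {

                            unset($retrieved_dynamic_profiles[$keyretr]);
                            unset($dynamic_profiles[$keydb]);

                            // Pair each computed assignment with at most one stored
                            // row. Without this the flag was never raised, so one
                            // computed assignment consumed every identical stored
                            // row and a repeated computed assignment was inserted
                            // again on each run. Surplus identical stored rows now
                            // stay in $dynamic_profiles and are purged below.
                            $found = true;
                        }
                    }
                }
            }

            // Add new dynamic profiles
            if (count($retrieved_dynamic_profiles)) {
                $right = new Profile_User();
                foreach ($retrieved_dynamic_profiles as $retr_profile) {
                    $right->add($retr_profile);
                }
            }

            //Unset all the temporary tables
            unset($this->input["_ldap_rules"]);

            $return = true;
        }

        // Delete old dynamic profiles: anything the rule output did not confirm.
        // This also runs when '_ldap_rules' was absent or empty, in which case
        // all stored dynamic rows are removed.
        if (count($dynamic_profiles)) {
            $right = new Profile_User();
            foreach ($dynamic_profiles as $db_profile) {
                $right->delete($db_profile);
            }
        }
    }

    return $return;
}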
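/**
 * Build the input array handed to the rule engine for a collected mail.
 *
 * Copies 'mailcollector' and '_users_id_requester' from $params, then fills
 * in only those ticket fields and mail headers that the rules actually look
 * at (as returned by getFieldsToLookFor()). Values already present in $input
 * are never overwritten, and ticket fields are copied before headers, so a
 * header cannot replace a ticket field of the same name.
 *
 * Depending on the criteria in use, it also adds: GROUPS, PROFILES,
 * UNIQUE_PROFILE, ONE_PROFILE and KNOWN_DOMAIN.
 *
 * @see RuleCollection::prepareInputDataForProcess()
 *
 * @param $input  array the input data used to check criteria
 * @param $params array parameters; reads 'mailcollector', '_users_id_requester'
 *                      and, when present, the 'ticket' and 'headers' arrays
 *
 * @return array the updated input data
 **/
function prepareInputDataForProcess($input, $params) {

    $input['mailcollector']       = $params['mailcollector'];
    $input['_users_id_requester'] = $params['_users_id_requester'];

    $fields = $this->getFieldsToLookFor();

    // Add needed ticket datas, then needed headers, for rules processing.
    // Header names and values come from the received message, so only keys that
    // match a criterion exactly are accepted: the strict comparison keeps an
    // integer-like key from loosely matching a criterion name.
    foreach (array('ticket', 'headers') as $source) {
        if (isset($params[$source]) && is_array($params[$source])) {
            foreach ($params[$source] as $key => $value) {
                if (in_array($key, $fields, true) && !isset($input[$key])) {
                    $input[$key] = $value;
                }
            }
        }
    }

    //Add all user's groups
    if (in_array('groups', $fields, true)) {
        foreach (Group_User::getUserGroups($input['_users_id_requester']) as $group) {
            $input['GROUPS'][] = $group['id'];
        }
    }

    //Add all user's profiles
    if (in_array('profiles', $fields, true)) {
        foreach (Profile_User::getForUser($input['_users_id_requester']) as $profile) {
            $input['PROFILES'][$profile['profiles_id']] = $profile['profiles_id'];
        }
    }

    //If the criteria is "user has only one time the profile xxx"
    if (in_array('unique_profile', $fields, true)) {
        //Get all profiles
        $profiles = Profile_User::getForUser($input['_users_id_requester']);
        foreach ($profiles as $profile) {
            if (Profile_User::haveUniqueRight($input['_users_id_requester'],
                                              $profile['profiles_id'])) {
                $input['UNIQUE_PROFILE'][$profile['profiles_id']] = $profile['profiles_id'];
            }
        }
    }

    //Store the profile ID when the requester has exactly one profile assignment
    if (in_array('one_profile', $fields, true)) {
        $profiles = Profile_User::getForUser($input['_users_id_requester']);
        if (count($profiles) == 1) {
            $tmp = array_pop($profiles);
            $input['ONE_PROFILE'] = $tmp['profiles_id'];
        }
    }

    //Flag whether the domain part of 'from' is attached to an entity
    if (in_array('known_domain', $fields, true)) {
        // The pattern captures everything after the first '@', so any trailing
        // characters in 'from' become part of the looked-up domain. KNOWN_DOMAIN
        // is left unset when 'from' is missing or contains no '@'.
        // NOTE(review): 'from' is presumably the sender address of the collected
        // mail - confirm. A sender address is not authenticated by this code, so
        // rules should not treat KNOWN_DOMAIN as proof of the sender's identity.
        if (isset($input['from'])
            && is_string($input['from'])
            && preg_match("/@(.*)/", $input['from'], $results)) {

            if (Entity::getEntityIDByDomain($results[1]) != -1) {
                $input['KNOWN_DOMAIN'] = 1;
            } else {
                $input['KNOWN_DOMAIN'] = 0;
            }
        }
    }

    return $input;
}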