/** * get recursively the permissions for the passed user under consideration of the parent user group * * @param User $user * @return Object_Permissions */ public function getPermissionsForUser(User $user) { $pathParts = explode("/", $this->model->getO_Path() . $this->model->getO_Key()); unset($pathParts[0]); $tmpPathes = array(); $pathConditionParts[] = "cpath = '/'"; foreach ($pathParts as $pathPart) { $tmpPathes[] = $pathPart; $pathConditionParts[] = $this->db->quoteInto("cpath = ?", "/" . implode("/", $tmpPathes)); } $pathCondition = implode(" OR ", $pathConditionParts); $permissionRaw = $this->db->fetchRow("SELECT id FROM objects_permissions WHERE (" . $pathCondition . ") AND userId = ? ORDER BY cpath DESC LIMIT 1", $user->getId()); //path condition for parent object $parentObjectPathParts = array_slice($pathParts, 0, -1); $parentObjectPathConditionParts[] = "cpath = '/'"; foreach ($parentObjectPathParts as $parentObjectPathPart) { $parentObjectTmpPaths[] = $parentObjectPathPart; $parentObjectPathConditionParts[] = $this->db->quoteInto("cpath = ?", "/" . implode("/", $parentObjectTmpPaths)); } $parentObjectPathCondition = implode(" OR ", $parentObjectPathConditionParts); $parentObjectPermissionRaw = $this->db->fetchRow("SELECT id FROM objects_permissions WHERE (" . $parentObjectPathCondition . ") AND userId = ? ORDER BY cpath DESC LIMIT 1", $user->getId()); $parentObjectPermissions = new Object_Permissions(); if ($parentObjectPermissionRaw["id"]) { $parentObjectPermissions = Object_Permissions::getById($parentObjectPermissionRaw["id"]); } $parentUser = $user->getParent(); if ($parentUser instanceof User and $parentUser->isAllowed("objects")) { $parentPermission = $this->getPermissionsForUser($parentUser); } else { $parentPermission = null; } $permission = new Object_Permissions(); if ($permissionRaw["id"] and $parentPermission instanceof Object_Permissions) { //consider user group permissions $permission = Object_Permissions::getById($permissionRaw["id"]); $permissionKeys = $permission->getValidPermissionKeys(); foreach ($permissionKeys as $key) { $getter = "get" . ucfirst($key); $setter = "set" . ucfirst($key); if (!$permission->getList() and !$parentPermission->getList() or !$parentObjectPermissions->getList()) { //no list - return false for all $permission->{$setter}(false); } else { if ($parentPermission->{$getter}()) { //if user group allows -> return true, it overrides the user permission! $permission->{$setter}(true); } } } } else { if ($permissionRaw["id"]) { //use user permissions, no user group to override anything $permission = Object_Permissions::getById($permissionRaw["id"]); //check parent object's list permission and current list permission if (!$parentObjectPermissions->getList() or !$permission->getList()) { $permissionKeys = $permission->getValidPermissionKeys(); foreach ($permissionKeys as $key) { $setter = "set" . ucfirst($key); $permission->{$setter}(false); } } } else { if ($parentPermission instanceof Object_Permissions and $parentPermission->getId() > 0) { //use user group permissions - no permission found for user at all $permission = $parentPermission; if (!$parentObjectPermissions->getList() or !$permission->getList()) { $permissionKeys = $permission->getValidPermissionKeys(); foreach ($permissionKeys as $key) { $setter = "set" . ucfirst($key); $permission->{$setter}(false); } } } else { //neither user group nor user has permissions set -> use default all allowed $permission->setUser($user); $permission->setUserId($user->getId()); $permission->setUsername($user->getUsername()); $permission->setCid($this->model->getId()); $permission->setCpath($this->model->getFullPath()); } } } $this->model->setO_UserPermissions($permission); return $permission; }