/**
* @brief Retrieve the explicitly defined access record.
*
* This function is used internally to retrieve a complete list of roles
* with the defined access modifiers included.
*
* @param String $suuid The subject UUID
* @param String $ouuid The object UUID
* @return Array The access record
*/
private static function getExplicitAccessRecord($suuid, $ouuid, $rlist)
{
$db = new DatabaseConnection();
$rolesraw = $db->getRows("SELECT role,access FROM aclconf WHERE object=%s AND subject=%s", $ouuid, $suuid);
$rolesraw = arr::flip($rolesraw, 'role');
// Translate access into tristate booleans
foreach ($rlist as $role) {
if (arr::hasKey($rolesraw, $role)) {
$rf = $rolesraw[$role]['access'];
if ($rf == 'Y') {
$access = self::ACL_ALLOW;
} elseif ($rf == 'N') {
$access = self::ACL_DENY;
} else {
$access = self::ACL_NULL;
}
} else {
$access = self::ACL_NULL;
}
$roles[$role] = $access;
}
return $roles;
}
