/**
* Determines whether current user is in a group with the specified role.
*
* @access public
* @param mixed $pm_role The role to test for the current user. Role may be specified by name, code or id.
* @return bool Returns true if user has the role, false if not.
*/
public function hasGroupRole($ps_role)
{
if (!($pn_user_id = $this->getPrimaryKey())) {
return false;
}
$vb_got_role = 0;
$t_role = new ca_user_roles();
if (is_numeric($ps_role)) {
$vb_got_role = $t_role->load($ps_role);
}
if (!$vb_got_role) {
if (!$t_role->load(array("name" => $ps_role))) {
if (!$t_role->load(array("code" => $ps_role))) {
return false;
}
}
$vb_got_role = 1;
}
if ($vb_got_role) {
$o_db = $this->getDb();
$qr_res = $o_db->query("\n\t\t\t\tSELECT wgr.role_id \n\t\t\t\tFROM ca_groups_x_roles wgr\n\t\t\t\tINNER JOIN ca_users_x_groups AS wuxg ON wuxg.group_id = wgr.group_id \n\t\t\t\tWHERE\n\t\t\t\t\t(wuxg.user_id = ?) AND\n\t\t\t\t\t(wgr.role_id = ?)\n\t\t\t", (int) $pn_user_id, (int) $t_role->getPrimaryKey());
if ($qr_res->nextRow()) {
return true;
} else {
return false;
}
} else {
$this->postError(940, _t("Invalid role '%1'", $ps_role), "User->hasGroupRole()");
return false;
}
}
public function getRolesAsDOM()
{
$t_role = new ca_user_roles();
$vo_roles = $this->opo_dom->createElement("roles");
$qr_roles = $this->opo_db->query("SELECT * FROM ca_user_roles");
while ($qr_roles->nextRow()) {
$t_role->load($qr_roles->get("role_id"));
$vo_role = $this->opo_dom->createElement("role");
$vo_role->setAttribute("code", $this->makeIDNO($t_role->get("code")));
$vo_role->appendChild($this->opo_dom->createElement("name", $t_role->get("name")));
$vo_role->appendChild($this->opo_dom->createElement("description", $t_role->get("description")));
if (is_array($va_actions = $t_role->getRoleActions())) {
$vo_actions = $this->opo_dom->createElement("actions");
foreach ($va_actions as $vs_action) {
$vo_actions->appendChild($this->opo_dom->createElement("action", $vs_action));
}
$vo_role->appendChild($vo_actions);
}
$vo_roles->appendChild($vo_role);
}
return $vo_roles;
}
public function getRolesAsDOM()
{
$t_role = new ca_user_roles();
$t_list = new ca_lists();
$t_ui_screens = new ca_editor_ui_screens();
$vo_roles = $this->opo_dom->createElement("roles");
$qr_roles = $this->opo_db->query("SELECT * FROM ca_user_roles");
while ($qr_roles->nextRow()) {
$t_role->load($qr_roles->get("role_id"));
$vo_role = $this->opo_dom->createElement("role");
$vo_role->setAttribute("code", $this->makeIDNO($t_role->get("code")));
$vo_role->appendChild($this->opo_dom->createElement("name", $t_role->get("name")));
$vo_role->appendChild($this->opo_dom->createElement("description", $t_role->get("description")));
if (is_array($va_actions = $t_role->getRoleActions())) {
$vo_actions = $this->opo_dom->createElement("actions");
foreach ($va_actions as $vs_action) {
$vo_actions->appendChild($this->opo_dom->createElement("action", $vs_action));
}
$vo_role->appendChild($vo_actions);
}
$va_vars = $t_role->get('vars');
// add bundle level ACL items
if (is_array($va_vars['bundle_access_settings'])) {
$vo_bundle_lvl_ac = $this->opo_dom->createElement("bundleLevelAccessControl");
foreach ($va_vars['bundle_access_settings'] as $vs_bundle => $vn_val) {
$va_tmp = explode('.', $vs_bundle);
$vs_table_name = $va_tmp[0];
$vs_bundle_name = $va_tmp[1];
if ($t_ui_screens->isAvailableBundle($vs_table_name, $vs_bundle_name)) {
// only add this entry to the export if it's actually a valid bundle
$vs_access = $this->_convertACLConstantToString(intval($vn_val));
$vo_permission = $this->opo_dom->createElement("permission");
$vo_bundle_lvl_ac->appendChild($vo_permission);
$vo_permission->setAttribute('table', $vs_table_name);
$vo_permission->setAttribute('bundle', $vs_bundle_name);
$vo_permission->setAttribute('access', $vs_access);
}
}
$vo_role->appendChild($vo_bundle_lvl_ac);
}
// add type level ACL items
if (is_array($va_vars['type_access_settings'])) {
$vo_type_lvl_ac = $this->opo_dom->createElement("typeLevelAccessControl");
foreach ($va_vars['type_access_settings'] as $vs_id => $vn_val) {
$va_tmp = explode('.', $vs_id);
$vs_table_name = $va_tmp[0];
$vn_type_id = $va_tmp[1];
$vs_access = $this->_convertACLConstantToString(intval($vn_val));
/** @var BaseModelWithAttributes $t_instance */
$t_instance = $this->opo_dm->getInstanceByTableName($vs_table_name, true);
if (!($vs_list_code = $t_instance->getTypeListCode())) {
continue;
}
$va_item = $t_list->getItemFromListByItemID($vs_list_code, $vn_type_id);
if (!isset($va_item['idno'])) {
continue;
}
$vo_permission = $this->opo_dom->createElement("permission");
$vo_type_lvl_ac->appendChild($vo_permission);
$vo_permission->setAttribute('table', $vs_table_name);
$vo_permission->setAttribute('type', $va_item['idno']);
$vo_permission->setAttribute('access', $vs_access);
}
$vo_role->appendChild($vo_type_lvl_ac);
}
$vo_roles->appendChild($vo_role);
}
return $vo_roles;
}
/**
* Determines whether current group has a specified role.
*
* @access public
* @param mixed $pm_role The role to test for the current group. Role may be specified by name, code or id.
* @return bool Returns true if group has the role, false if not.
*/
function hasGroupRole($ps_role)
{
if (!($vn_group_id = $this->getPrimaryKey())) {
return false;
}
$vb_got_role = 0;
$t_role = new ca_user_roles();
if (is_numeric($ps_role)) {
$vb_got_role = $t_role->load($ps_role);
}
if (!$vb_got_role) {
if (!$t_role->load(array("name" => $ps_role))) {
if (!$t_role->load(array("code" => $ps_role))) {
return false;
}
}
$vb_got_role = 1;
}
if ($vb_got_role) {
$o_db = $this->getDb();
$qr_res = $o_db->query("\n\t\t\t\tSELECT * \n\t\t\t\tFROM ca_groups_x_roles\n\t\t\t\tWHERE\n\t\t\t\t\t(group_id = ?) AND\n\t\t\t\t\t(role_id = ?)\n\t\t\t", (int) $vn_group_id, (int) $t_role->getPrimaryKey());
if (!$qr_res) {
return false;
}
if ($qr_res->nextRow()) {
return true;
} else {
return false;
}
} else {
$this->postError(940, _t("Invalid role '%1'", $ps_role), "ca_user_groups->hasRole()");
return false;
}
}
