Esempio n. 1
 /**
  * setting security inheritance flag for an item
  *
  * @param array $p {
  *     @type int      $id    id of tree node
  *     @type boolean  $inherit    set inherit to true or false
  *     @type string   $copyRules   used only when removing inheritance ($inherit = false):
  *                                 'yes' copies the inherited rules onto the current node,
  *                                 any other value ('no' or omitted) discards them
  * }
  *
  */
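 public function setInheritance($p)
 {
     // Switches ACL inheritance on or off for one tree node.
     // Returns array('success' => false) when the node is already in the
     // requested state, array('success' => true, 'data' => array()) after a change.
     // Throws \Exception on malformed input, missing permission or unknown node.

     // Validate the request shape before any permission check or write:
     // a non-empty numeric node id and a real boolean for the requested state.
     if (empty($p['id']) || !isset($p['inherit']) || !is_numeric($p['id']) || !is_bool($p['inherit'])) {
         throw new \Exception(L\get('Wrong_input_data'));
     }
     $nodeId = $p['id'];
     $inherit = $p['inherit'];

     // Authorization comes before the node lookup, so a caller without
     // rights gets 'Access_denied' whether or not the node exists.
     if (!Security::isAdmin() && !Security::canChangePermissions($nodeId)) {
         throw new \Exception(L\get('Access_denied'));
     }

     $node = DM\Tree::read($nodeId);
     if (empty($node)) {
         throw new \Exception(L\get('Object_not_found'));
     }

     // Nothing to do when the stored flag already matches the request.
     // Loose comparison is deliberate: the stored value is not a PHP bool.
     if ($node['inherit_acl'] == $inherit) {
         return array('success' => false);
     }

     // Only the exact string 'yes' copies rules. The previous switch() compared
     // loosely, so on PHP < 8 an integer 0 (or boolean true) also matched 'yes'
     // and copied inherited permissions the caller had not asked for.
     $copyRules = isset($p['copyRules']) ? $p['copyRules'] : null;

     // NOTE(review): the ACL writes below and the flag update are separate
     // statements; no transaction is visible here, so a failure part-way could
     // leave the node's rules and its inherit flag out of step - confirm.
     if (!$inherit && $copyRules === 'yes') {
         // Materialise the inherited rules as explicit rules on this node.
         $acl = $this->getObjectAcl($p);
         $rules = (isset($acl['data']) && is_array($acl['data'])) ? $acl['data'] : array();
         $editorId = User::getId();

         foreach ($rules as $rule) {
             // '2' is folded into '1' (and so '-2' into '-1') before the flags
             // are read; presumably 2 marks an inherited value - confirm.
             $allowFlags = explode(',', str_replace('2', '1', $rule['allow']));
             $denyFlags = explode(',', str_replace('2', '1', $rule['deny']));

             // Pack the first 12 flags into bit masks, flag 0 being the lowest
             // bit. A missing flag counts as "not set" instead of raising an
             // undefined-offset notice. The count 12 is hard-coded here.
             $allowMask = 0;
             $denyMask = 0;
             for ($bit = 0; $bit < 12; $bit++) {
                 if (isset($allowFlags[$bit]) && $allowFlags[$bit] == 1) {
                     $allowMask |= 1 << $bit;
                 }
                 if (isset($denyFlags[$bit]) && $denyFlags[$bit] == -1) {
                     $denyMask |= 1 << $bit;
                 }
             }

             DB\dbQuery('INSERT INTO tree_acl (
                     node_id
                     ,user_group_id
                     ,allow
                     ,deny
                     ,cid)
                 VALUES($1
                      ,$2
                      ,$3
                      ,$4
                      ,$5) ON duplicate KEY
                 UPDATE allow = $3
                         ,deny = $4
                         ,uid = $5
                         ,udate = CURRENT_TIMESTAMP', array($nodeId, $rule['id'], $allowMask, $denyMask, $editorId));
         }
     } else {
         // Either inheritance is being switched on, or it is being switched off
         // without copying: in both cases the node's own rules are removed.
         DB\dbQuery('DELETE from tree_acl WHERE node_id = $1', $nodeId);
     }

     // Persist the new flag, then refresh the derived security sets and the index.
     DM\Tree::update(array('id' => $nodeId, 'inherit_acl' => intval($inherit)));
     Security::calculateUpdatedSecuritySets();
     Solr\Client::runBackgroundCron();

     return array('success' => true, 'data' => array());
 }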
Esempio n. 2
 /**
  * Save access data specified for a user in UserManagement form (groups association)
  *
  *
  */
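 public function saveAccessData($p)
 {
     // Replaces a user's group memberships with the list in $p['groups'].
     // $p['id'] identifies the user (passed through extractId()).
     // Returns array('success' => false, 'verify' => true) for an unverified
     // session, array('success' => true) otherwise; throws \Exception when the
     // caller may not manage users.
     if (!User::isVerified()) {
         return array('success' => false, 'verify' => true);
     }

     // NOTE(review): this is the only authorization check visible here. Nothing
     // in this method limits which groups a manager may assign, or to whom -
     // confirm that canManage() is meant to cover privileged groups too.
     if (!Security::canManage()) {
         throw new \Exception(L\get('Access_denied'));
     }

     $p = (array) $p;

     // Explicit isset() instead of the @ operator, so that real errors raised
     // while resolving the id are no longer hidden.
     // NOTE(review): an absent or unresolvable id is not rejected here; what
     // extractId() returns for it is not visible - confirm.
     $user_id = $this->extractId(isset($p['id']) ? $p['id'] : null);

     /* analyse groups:
        - newly associated groups need their access added
        - de-associated groups need their access removed */
     $current_groups = UsersGroups::getGroupIdsForUser($user_id);
     $updating_groups = Util\toNumericArray(isset($p['groups']) ? $p['groups'] : null);

     $new_groups = array_diff($updating_groups, $current_groups);
     // The ids to remove are concatenated into the IN (...) list below, so each
     // one is forced to an integer first. They come from $current_groups rather
     // than from the request, but the cast keeps the statement safe whatever
     // getGroupIdsForUser() returns.
     $deleting_groups = array_map('intval', array_diff($current_groups, $updating_groups));

     // NOTE(review): "or die(DB\dbQueryError())" sends the raw database error to
     // the client and stops the request between writes; raising it through the
     // application's error handling would avoid exposing schema details.
     foreach ($new_groups as $group_id) {
         DB\dbQuery('INSERT INTO users_groups_association (user_id, group_id, cid)
             VALUES($1, $2, $3)
             ON DUPLICATE KEY
             UPDATE uid = $3', array($user_id, $group_id, $_SESSION['user']['id'])) or die(DB\dbQueryError());
     }

     if (!empty($deleting_groups)) {
         DB\dbQuery('DELETE
             FROM users_groups_association
             WHERE user_id = $1
                 AND group_id IN (' . implode(', ', $deleting_groups) . ')', $user_id) or die(DB\dbQueryError());
     }

     // Recompute the security sets affected by this user's new memberships.
     Security::calculateUpdatedSecuritySets($user_id);
     Solr\Client::runBackgroundCron();

     return array('success' => true);
 }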