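/**
 * Does the given user have the requested clearance for this object?
 *
 * This method is heavy: it can run one search per parent field. To filter a lot of
 * objects, prefer a search on those objects, which is much faster.
 *
 * Order of checks, when access control applies (non-public object, or
 * APPLICATION_ENFORCES_ACCESS_CONTROL is true):
 *  1. administrators (CLEARANCE_ADMINISTRATION_EDITVALIDATEALL) are always granted;
 *  2. the user needs at least CLEARANCE_MODULE_VIEW on the object's module;
 *  3. if the object has category fields, a search restricted to this item and to the
 *     user's profile decides;
 *  4. if it has none, access is granted unless $checkParent is set, in which case the
 *     parent objects' category fields are consulted.
 *
 * @param cms_profile_user $user the user whose clearance is checked
 * @param mixed $clearance the requested clearance (default: CLEARANCE_MODULE_VIEW)
 * @param boolean $checkParent if the object has no category fields, check its parent objects (if any) for some; this is heavy. Default: false
 * @return boolean true if the user is granted access, false otherwise
 * @access public
 */
function userHasClearance($user, $clearance = CLEARANCE_MODULE_VIEW, $checkParent = false) {
	//public object and access control not enforced: nothing to check
	if ($this->_public && APPLICATION_ENFORCES_ACCESS_CONTROL !== true) {
		return true;
	}
	//administrators bypass every module and category check
	if ($user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
		return true;
	}
	$objectDef = $this->getObjectDefinition();
	$polyModuleCodename = $objectDef->getValue('module');
	//only the minimum right (VIEW) is checked at module level, $clearance itself is not used here
	if (!$user->hasModuleClearance($polyModuleCodename, CLEARANCE_MODULE_VIEW)) {
		return false;
	}
	$categoriesFields = CMS_poly_object_catalog::objectHasCategories($this->getObjectID());
	if (!$categoriesFields) {
		if (!$checkParent) {
			//no categories on object so user has rights
			//NOTE(review): at this point only module VIEW was verified, so a caller asking for a
			//clearance above VIEW on an object without category fields is granted too - confirm this is intended
			return true;
		}
		if (!CMS_poly_object_catalog::moduleHasCategories($polyModuleCodename)) {
			//no categories used on module: item is viewable
			return true;
		}
		$objectParentsIDs = CMS_poly_object_catalog::getParentsObject($this->getObjectID());
		if (!$objectParentsIDs) {
			//no parent object for this object: item is viewable
			return true;
		}
		foreach ($objectParentsIDs as $objectParentID => $objectParentFields) {
			$parentCategoriesFields = CMS_poly_object_catalog::objectHasCategories($objectParentID);
			if (!is_array($parentCategoriesFields) || !$parentCategoriesFields) {
				//parents without category fields cannot make the item visible
				continue;
			}
			$parentDefinition = CMS_poly_object_catalog::getObjectDefinition($objectParentID);
			foreach ($objectParentFields as $fieldID) {
				//NOTE(review): this search only filters on the link to the current item; unlike the
				//direct category search below, no "profile" condition is added for $user.
				//Confirm CMS_object_search restricts results to the user's rights by itself.
				$search = new CMS_object_search($parentDefinition, $this->_public);
				$search->addWhereCondition($fieldID, $this->getID());
				if ($search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_IDS)) {
					//one matching parent is enough, skip the remaining (heavy) searches
					return true;
				}
			}
		}
		//parents exist but none of them references this item through a categorised object
		return false;
	}
	if (is_array($categoriesFields)) {
		//search this item with the user's profile as a condition: a result means the user has rights on it
		//$clearance only selects the search mode here (second constructor argument is true for VIEW)
		$search = new CMS_object_search($objectDef, $clearance == CLEARANCE_MODULE_VIEW);
		$search->addWhereCondition('item', $this->getID());
		$search->addWhereCondition("profile", $user);
		$ids = $search->search(CMS_object_search::POLYMOD_SEARCH_RETURN_IDS);
		return (bool) $ids;
	}
	//NOTE(review): reached when objectHasCategories() returns a non-empty value that is not an array;
	//access is granted in that case (fail-open) - confirm the catalog can only return an array or an empty value
	return true;
}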
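/**
 * Is the given category used by this module?
 *
 * A category is considered used when its ID is stored as a value of one of the
 * category fields of the module's objects, in either the edited or the public table.
 *
 * @param CMS_moduleCategory $category the category whose usage by the module is checked
 * @return boolean true if the category is used, false otherwise (including when the module uses no categories)
 * @access public
 */
function isCategoryUsed($category) {
	//static variables of a method are shared by every instance for the whole request,
	//so both caches are keyed by module codename to avoid answering with another module's data
	static $moduleUseCategories = array(), $moduleFieldsCategories = array();
	$codename = $this->_codename;
	if (!isset($moduleUseCategories[$codename])) {
		$moduleUseCategories[$codename] = CMS_poly_object_catalog::moduleHasCategories($codename);
	}
	if (!$moduleUseCategories[$codename]) {
		return false;
	}
	if (!isset($moduleFieldsCategories[$codename])) {
		$fieldsIDs = array();
		//get all module objects fields which use categories
		$moduleObjects = CMS_poly_object_catalog::getObjectsForModule($codename);
		foreach ($moduleObjects as $object) {
			$objectFields = CMS_poly_object_catalog::objectHasCategories($object->getID());
			//objectHasCategories() may return a non-array value for objects without categories, skip those
			if (is_array($objectFields) && $objectFields) {
				$fieldsIDs = array_merge($objectFields, $fieldsIDs);
			}
		}
		//these IDs are concatenated into the SQL text below, so force them to integers
		$moduleFieldsCategories[$codename] = array_map('intval', $fieldsIDs);
	}
	if (!$moduleFieldsCategories[$codename]) {
		//no category field at all: nothing can reference the category (and "in ()" is not valid SQL)
		return false;
	}
	$fieldsList = implode(',', $moduleFieldsCategories[$codename]);
	//same reason as above: the category ID is interpolated into the query
	$categoryID = (int) $category->getID();
	//check for the category value in these fields: edited data first, then public data
	foreach (array('mod_subobject_integer_edited', 'mod_subobject_integer_public') as $table) {
		$sql = "select\n\t\t\t\t\tid\n\t\t\t\tfrom\n\t\t\t\t\t" . $table . "\n\t\t\t\twhere\n\t\t\t\t\tobjectFieldID in (" . $fieldsList . ")\n\t\t\t\t\tand value = '" . $categoryID . "'\n\t\t\t\t";
		$q = new CMS_query($sql);
		if ($q->getNumRows()) {
			return true;
		}
	}
	return false;
}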