/**
  * appends custom/acl filters to a given select object
  * 
  * @param  Zend_Db_Select                    $_select
  * @param  Tinebase_Backend_Sql_Abstract     $_backend
  * @return void
  */
 public function appendFilterSql($_select, $_backend)
 {
     // Restricts $_select to the timeaccount ids the current user holds the
     // required grants for. $_backend is accepted for interface compatibility
     // but is not used here.

     // When the MANAGE_TIMEACCOUNTS right check succeeds, no ACL condition is
     // appended at all, i.e. the select stays unrestricted by this filter.
     $mayManageAll = Timetracker_Controller_Timesheet::getInstance()
         ->checkRight(Timetracker_Acl_Rights::MANAGE_TIMEACCOUNTS, FALSE, FALSE);
     if ($mayManageAll) {
         return;
     }

     // The grant lookup runs once per filter instance; later calls reuse the
     // list cached in $this->_validTimeaccounts.
     if (!$this->_isResolved) {
         if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
             $grantDump = print_r($this->_requiredGrants, TRUE);
             Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " Get all timeaccounts for user with required grants: " . $grantDump);
         }

         $this->_validTimeaccounts = Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl($this->_requiredGrants, TRUE);
         $this->_isResolved = TRUE;

         if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
             $accountCount = count($this->_validTimeaccounts);
             Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " Got " . $accountCount . ' valid timeaccounts');
         }
     }

     // Fail closed: with no permitted timeaccount the condition becomes
     // "id IN ('')" instead of being dropped, so the query is still restricted.
     // NOTE(review): this presumably matches no row - it relies on no record
     // having an empty-string id.
     $allowedIds = $this->_validTimeaccounts;
     if (empty($allowedIds)) {
         $allowedIds = array('');
     }

     // Identifier and values are both passed through the adapter's quoting,
     // never concatenated raw into the SQL.
     $adapter = Tinebase_Core::getDb();
     $idColumn = $adapter->quoteIdentifier('id');
     $_select->where($adapter->quoteInto("{$idColumn} IN (?)", $allowedIds));
 }
 /**
  * resolve timeaccount ids
  */
 protected function _resolve()
 {
     // Narrows $this->_value to the timeaccount ids the current user may
     // access. Runs at most once per filter instance.
     if ($this->_isResolved) {
         return;
     }

     $this->_value = (array) $this->_value;

     // The ids only need ACL resolution when the MANAGE_TIMEACCOUNTS right
     // check fails; otherwise the requested value is kept untouched.
     $hasManageRight = Timetracker_Controller_Timesheet::getInstance()
         ->checkRight(Timetracker_Acl_Rights::MANAGE_TIMEACCOUNTS, FALSE, FALSE);

     if (!$hasManageRight) {
         // Union of the timeaccounts returned for each required grant:
         // holding any one of the grants is enough for an id to be included.
         $grantedIds = array();
         foreach ($this->_requiredGrants as $grant) {
             $idsForGrant = Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl($grant, TRUE);
             $grantedIds = array_merge($grantedIds, $idsForGrant);
         }
         $grantedIds = array_unique($grantedIds);

         // Combine the requested ids with the granted ones.
         // NOTE(review): only 'equals', 'in' and 'all' are handled. For any
         // other operator $this->_value is left exactly as requested, i.e.
         // without ACL narrowing - confirm such operators are rejected or
         // ACL-checked elsewhere, otherwise this path fails open.
         $operator = $this->_operator;
         if ($operator == 'equals' || $operator == 'in') {
             $this->_value = array_intersect($this->_value, $grantedIds);
         } elseif ($operator == 'all') {
             $this->_value = $grantedIds;
         }
     }

     $this->_isResolved = TRUE;
 }
 /**
  * append acl filter
  *
  * @param Zend_Db_Select $_select
  */
 protected function _appendAclSqlFilter($_select)
 {
     // Two cases append no ACL condition at all; both are logged at DEBUG.
     // NOTE(review): for the OR case this method adds no restriction, so the
     // ACL must be enforced by another filter (presumably an enclosing AND
     // group) - confirm against the caller.
     $skipReason = null;
     if ($this->getCondition() === self::CONDITION_OR) {
         // ACL filter with OR condition is useless and delivers wrong results!
         $skipReason = ' No ACL filter for OR condition!';
     } elseif (Timetracker_Controller_Timesheet::getInstance()->checkRight(Timetracker_Acl_Rights::MANAGE_TIMEACCOUNTS, FALSE, FALSE)) {
         $skipReason = ' No ACL filter for MANAGE_TIMEACCOUNTS right!';
     }
     if ($skipReason !== null) {
         if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
             Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' ' . $skipReason);
         }
         return;
     }

     if (!$this->_isResolved) {
         // Union of the timeaccounts for every required grant except
         // BOOK_OWN, which is handled separately below because it only
         // covers the user's own records.
         $grantedIds = array();
         foreach ($this->_requiredGrants as $grant) {
             if ($grant == Timetracker_Model_TimeaccountGrants::BOOK_OWN) {
                 continue;
             }
             $idsForGrant = Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl($grant, TRUE);
             $grantedIds = array_merge($grantedIds, $idsForGrant);
         }
         $this->_validTimeaccounts = array_unique($grantedIds);

         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
             Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' valid timeaccounts' . print_r($this->_validTimeaccounts, TRUE) . ' for required grants: ' . print_r($this->_requiredGrants, TRUE));
         }
         $this->_isResolved = TRUE;
     }

     // Fail closed: an empty grant list yields "timeaccount_id IN ('')"
     // rather than no condition. Identifiers and values all go through the
     // adapter's quoting.
     $adapter = Tinebase_Core::getDb();
     $accountColumn = $adapter->quoteIdentifier('timeaccount_id');
     $permittedIds = empty($this->_validTimeaccounts) ? array('') : $this->_validTimeaccounts;
     $where = $adapter->quoteInto("{$accountColumn} IN (?)", $permittedIds);

     // BOOK_OWN timeaccounts are admitted only for rows whose account_id is
     // the current user's id.
     $bookOwnIds = Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl(Timetracker_Model_TimeaccountGrants::BOOK_OWN, TRUE);
     if (!empty($bookOwnIds)) {
         $inBookOwnAccount = $adapter->quoteInto($accountColumn . ' IN (?)', $bookOwnIds);
         $ownedByUser = $adapter->quoteInto($adapter->quoteIdentifier('account_id') . ' = ?', Tinebase_Core::getUser()->getId());
         $where .= ' OR (' . $inBookOwnAccount . ' AND ' . $ownedByUser . ')';
     }

     // NOTE(review): the top-level OR above is only safe if where() wraps the
     // condition in parentheses before AND-ing it with the other filters
     // (Zend_Db_Select does) - confirm for the select object passed in.
     $_select->where($where);

     if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
         Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ACL filter: ' . $where);
     }
 }
 /**
  * append acl filter
  *
  * @param Zend_Db_Select $_select
  */
 protected function _appendAclSqlFilter($_select)
 {
     // Restricts $_select to the timeaccount ids the current user holds at
     // least one of the required grants for.

     // When the MANAGE_TIMEACCOUNTS right check succeeds, no ACL condition is
     // appended, i.e. the select stays unrestricted by this filter.
     $mayManageAll = Timetracker_Controller_Timesheet::getInstance()
         ->checkRight(Timetracker_Acl_Rights::MANAGE_TIMEACCOUNTS, FALSE, FALSE);
     if ($mayManageAll) {
         return;
     }

     if (!$this->_isResolved) {
         // Union of the timeaccounts returned for each required grant; the
         // result is cached on the instance so the lookup runs only once.
         $grantedIds = array();
         foreach ($this->_requiredGrants as $grant) {
             $idsForGrant = Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl($grant, TRUE);
             $grantedIds = array_merge($grantedIds, $idsForGrant);
         }
         $this->_validTimeaccounts = array_unique($grantedIds);
         $this->_isResolved = TRUE;
     }

     // Fail closed: with no permitted timeaccount the condition becomes
     // "id IN ('')" instead of being dropped.
     // NOTE(review): this presumably matches no row - it relies on no record
     // having an empty-string id.
     $permittedIds = $this->_validTimeaccounts;
     if (empty($permittedIds)) {
         $permittedIds = array('');
     }

     // Identifier and values are quoted by the adapter, not concatenated raw.
     $adapter = Tinebase_Core::getDb();
     $idColumn = $adapter->quoteIdentifier('id');
     $_select->where($adapter->quoteInto("{$idColumn} IN (?)", $permittedIds));
 }