/**
 * Adds the timeaccount ACL restriction to a select.
 *
 * Holders of the MANAGE_TIMEACCOUNTS right are left unrestricted. For everyone
 * else the select is narrowed to the timeaccount ids returned by
 * Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl() for the required
 * grants. That lookup runs once; its result is remembered on this instance via
 * $_validTimeaccounts / $_isResolved.
 *
 * @param Zend_Db_Select $_select select to restrict
 * @param Tinebase_Backend_Sql_Abstract $_backend not used in this method
 * @return void
 */
public function appendFilterSql($_select, $_backend)
{
    $timesheetController = Timetracker_Controller_Timesheet::getInstance();
    if ($timesheetController->checkRight(Timetracker_Acl_Rights::MANAGE_TIMEACCOUNTS, FALSE, FALSE)) {
        // No WHERE clause is added for this right: the query stays unrestricted here.
        return;
    }

    if (!$this->_isResolved) {
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(
                __METHOD__ . '::' . __LINE__
                . " Get all timeaccounts for user with required grants: "
                . print_r($this->_requiredGrants, TRUE)
            );
        }

        // The whole grant list is handed over in a single call.
        $this->_validTimeaccounts = Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl(
            $this->_requiredGrants,
            TRUE
        );
        $this->_isResolved = TRUE;

        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(
                __METHOD__ . '::' . __LINE__
                . " Got " . count($this->_validTimeaccounts) . ' valid timeaccounts'
            );
        }
    }

    if (empty($this->_validTimeaccounts)) {
        // Fail closed: with no permitted timeaccount the list becomes IN (''),
        // so the restriction stays in the query instead of being dropped.
        $allowedIds = array('');
    } else {
        $allowedIds = $this->_validTimeaccounts;
    }

    // Ids are bound through quoteInto(), never concatenated into the SQL text.
    $adapter = Tinebase_Core::getDb();
    $idColumn = $adapter->quoteIdentifier('id');
    $_select->where($adapter->quoteInto("{$idColumn} IN (?)", $allowedIds));
}
/**
 * Resolves the filter value to the timeaccount ids the user may access.
 *
 * Runs once per instance. The value is always cast to an array. Unless the
 * user holds MANAGE_TIMEACCOUNTS, the ids granted through any of the required
 * grants are collected and applied to the value according to the operator.
 *
 * @return void
 */
protected function _resolve()
{
    if ($this->_isResolved) {
        return;
    }

    $this->_value = (array) $this->_value;

    $mayManageAll = Timetracker_Controller_Timesheet::getInstance()
        ->checkRight(Timetracker_Acl_Rights::MANAGE_TIMEACCOUNTS, FALSE, FALSE);
    if ($mayManageAll) {
        // The requested ids are kept as they are; no grant lookup is needed.
        $this->_isResolved = TRUE;
        return;
    }

    // Union of all timeaccounts reachable through at least one required grant.
    $grantedIds = array();
    foreach ($this->_requiredGrants as $requiredGrant) {
        $idsForGrant = Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl($requiredGrant, TRUE);
        $grantedIds = array_merge($grantedIds, $idsForGrant);
    }
    $grantedIds = array_unique($grantedIds);

    // NOTE(review): only 'equals', 'in' and 'all' narrow the value. With any
    // other operator the requested ids pass through unchanged, so access has to
    // be restricted elsewhere for those operators - confirm against the callers.
    switch ($this->_operator) {
        case 'equals':
        case 'in':
            // keep only the requested ids the user actually has a grant for
            $this->_value = array_intersect($this->_value, $grantedIds);
            break;

        case 'all':
            $this->_value = $grantedIds;
            break;
    }

    $this->_isResolved = TRUE;
}
/**
 * Appends the timeaccount ACL restriction to a select.
 *
 * Nothing is appended when the filter group uses the OR condition or when the
 * user holds MANAGE_TIMEACCOUNTS. Otherwise rows are limited to
 *  - timeaccounts granted through any required grant other than BOOK_OWN, or
 *  - timeaccounts with the BOOK_OWN grant, but only rows whose account_id is
 *    the current user.
 *
 * @param Zend_Db_Select $_select select to restrict
 */
protected function _appendAclSqlFilter($_select)
{
    if ($this->getCondition() === self::CONDITION_OR) {
        // ACL filter with OR condition is useless and delivers wrong results!
        // NOTE(review): this path adds no ACL restriction at all, so access
        // control for OR groups must come from elsewhere - confirm.
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(
                __METHOD__ . '::' . __LINE__ . ' ' . ' No ACL filter for OR condition!'
            );
        }
        return;
    }

    $mayManageAll = Timetracker_Controller_Timesheet::getInstance()
        ->checkRight(Timetracker_Acl_Rights::MANAGE_TIMEACCOUNTS, FALSE, FALSE);
    if ($mayManageAll) {
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(
                __METHOD__ . '::' . __LINE__ . ' ' . ' No ACL filter for MANAGE_TIMEACCOUNTS right!'
            );
        }
        return;
    }

    if (!$this->_isResolved) {
        // Collect the timeaccounts for every required grant except BOOK_OWN,
        // which is handled separately below because it is tied to the user.
        $grantedIds = array();
        foreach ($this->_requiredGrants as $requiredGrant) {
            if ($requiredGrant == Timetracker_Model_TimeaccountGrants::BOOK_OWN) {
                continue;
            }
            $idsForGrant = Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl($requiredGrant, TRUE);
            $grantedIds = array_merge($grantedIds, $idsForGrant);
        }
        $this->_validTimeaccounts = array_unique($grantedIds);

        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
            Tinebase_Core::getLogger()->trace(
                __METHOD__ . '::' . __LINE__
                . ' valid timeaccounts' . print_r($this->_validTimeaccounts, TRUE)
                . ' for required grants: ' . print_r($this->_requiredGrants, TRUE)
            );
        }

        $this->_isResolved = TRUE;
    }

    $adapter = Tinebase_Core::getDb();
    $field = $adapter->quoteIdentifier('timeaccount_id');

    if (empty($this->_validTimeaccounts)) {
        // Fail closed: an empty grant set becomes IN (''), keeping the
        // restriction in the query instead of dropping it.
        $allowedIds = array('');
    } else {
        $allowedIds = $this->_validTimeaccounts;
    }
    $where = $adapter->quoteInto("{$field} IN (?)", $allowedIds);

    // Timeaccounts with the BOOK_OWN grant.
    // NOTE(review): the original comment said "get only if no manual filter is
    // set", but no such check is visible in this method.
    $bookOwnTS = Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl(
        Timetracker_Model_TimeaccountGrants::BOOK_OWN,
        TRUE
    );
    if (!empty($bookOwnTS)) {
        // BOOK_OWN widens access only to rows owned by the current user.
        $ownAccounts = $adapter->quoteInto($field . ' IN (?)', $bookOwnTS);
        $accountField = $adapter->quoteIdentifier('account_id');
        $currentUserId = Tinebase_Core::getUser()->getId();
        $ownedByUser = $adapter->quoteInto($accountField . ' = ?', $currentUserId);

        $where .= ' OR (' . $ownAccounts . ' AND ' . $ownedByUser . ')';
    }

    // $where holds a top-level OR. Zend_Db_Select::where() wraps each condition
    // in parentheses, which keeps that OR from absorbing other WHERE terms.
    $_select->where($where);

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        // The trace output contains the complete filter, including all ids.
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ACL filter: ' . $where);
    }
}
/**
 * Appends the timeaccount ACL restriction to a select.
 *
 * Users holding MANAGE_TIMEACCOUNTS are not restricted. For all others the
 * select is limited to the ids of timeaccounts reachable through at least one
 * of the required grants. The id list is computed once per instance.
 *
 * @param Zend_Db_Select $_select select to restrict
 */
protected function _appendAclSqlFilter($_select)
{
    $mayManageAll = Timetracker_Controller_Timesheet::getInstance()
        ->checkRight(Timetracker_Acl_Rights::MANAGE_TIMEACCOUNTS, FALSE, FALSE);
    if ($mayManageAll) {
        // No WHERE clause is added for this right.
        return;
    }

    if (!$this->_isResolved) {
        // Union of the timeaccounts granted by each required grant.
        $grantedIds = array();
        foreach ($this->_requiredGrants as $requiredGrant) {
            $idsForGrant = Timetracker_Model_TimeaccountGrants::getTimeaccountsByAcl($requiredGrant, TRUE);
            $grantedIds = array_merge($grantedIds, $idsForGrant);
        }

        $this->_validTimeaccounts = array_unique($grantedIds);
        $this->_isResolved = TRUE;
    }

    if (empty($this->_validTimeaccounts)) {
        // Fail closed: no permitted timeaccount yields IN (''), so the
        // restriction remains part of the query.
        $allowedIds = array('');
    } else {
        $allowedIds = $this->_validTimeaccounts;
    }

    // Ids are bound through quoteInto(), never concatenated into the SQL text.
    $adapter = Tinebase_Core::getDb();
    $idColumn = $adapter->quoteIdentifier('id');
    $_select->where($adapter->quoteInto("{$idColumn} IN (?)", $allowedIds));
}