/**
* Given an implicit returns the matching explicit user Authorizations.
* Explicit Authorizations can be modified. A null argument will be
* treated as a wildcard.
*
* @param object Authorization $implicitAuthorization
*
* @return object AuthorizationIterator
*
* @throws object AuthorizationException An exception with
* one of the following messages defined in
* org.osid.authorization.AuthorizationException may be thrown:
* {@link
* org.osid.authorization.AuthorizationException#OPERATION_FAILED
* OPERATION_FAILED}, {@link
* org.osid.authorization.AuthorizationException#PERMISSION_DENIED
* PERMISSION_DENIED}, {@link
* org.osid.authorization.AuthorizationException#CONFIGURATION_ERROR
* CONFIGURATION_ERROR}, {@link
* org.osid.authorization.AuthorizationException#UNIMPLEMENTED
* UNIMPLEMENTED}, {@link
* org.osid.authorization.AuthorizationException#NULL_ARGUMENT
* NULL_ARGUMENT}, {@link
* org.osid.authorization.AuthorizationException#UNKNOWN_ID
* UNKNOWN_ID}, {@link
* org.osid.authorization.AuthorizationException#UNKNOWN_TYPE
* UNKNOWN_TYPE}
*
* @access public
*/
function getExplicitUserAZsForImplicitAZ(Authorization $implicitAuthorization)
{
if ($implicitAuthorization->isExplicit()) {
// "The Authorization must be implicit."
throwError(new Error(AuthorizationExeption::OPERATION_FAILED(), "AuthorizationManager", true));
}
return new HarmoniIterator(array($implicitAuthorization->getExplicitAZ()));
}
/**
* Answer true if the authorization is an implicit view AZ cascading up from
* a descendent and should hence be ignored when determining roles.
*
* @param object Authorization $az
* @return boolean
* @access protected
* @since 7/11/08
*/
protected function isCascadingUpView(Authorization $az)
{
// We are only interested in implicit AZs
if ($az->isExplicit()) {
return false;
}
// Return false if not a view AZ
$authZ = Services::getService("AuthZ");
$idMgr = Services::getService("Id");
$viewId = $idMgr->getId('edu.middlebury.authorization.view');
if (!$az->getFunction()->getId()->isEqual($viewId)) {
return false;
}
// Load a list of descendents
$qualifierId = $az->getQualifier()->getId();
if (!isset($this->descendentIds)) {
$this->descendentIds = array();
}
if (!isset($this->descendentIds[$qualifierId->getIdString()])) {
$descendents = array();
$descendents = $authZ->getQualifierDescendants($qualifierId);
$descendentIds = array();
while ($descendents->hasNext()) {
$descendentIds[] = $descendents->next()->getId();
}
$this->descendentIds[$qualifierId->getIdString()] = $descendentIds;
}
// Check the explicit AZ's qualifier against our list of descendents.
$explicitAZ = $az->getExplicitAZ();
$explicitQualifierId = $explicitAZ->getQualifier()->getId();
foreach ($this->descendentIds[$qualifierId->getIdString()] as $id) {
if ($id->isEqual($explicitQualifierId)) {
return true;
}
}
return false;
}