예제 #1
 /**
  * Access check function.
  *
  * Checks access and attempts to speed up all future access checks using
  * caching and storage of the variable within {@link _access}.
  * 
  * Note, only if parameters are empty will permissions caching or storage
  * in {@link _access} be effective, because parameters (i.e. the assignment
  * of a record based on the value of its assignedTo field) are expected to
  * vary. For example, in record-specific permission items checked for
  * multiple records. That is why $params must be empty for any shortcuts to
  * be taken.
  *
  * @param string $itemName Name of the auth item for which access is being checked
  * @param integer $userId ID of the user for which to check access
  * @param array $params Parameters to pass to business rules
  * @return boolean
  */
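 public function checkAccess($itemName, $userId, $params = array())
 {
     // Business rules always receive the ID of the user being checked, unless
     // the caller supplied one explicitly.
     if (!isset($params['userId'])) {
         $params['userId'] = $userId;
     }
     if (!isset($this->_access)) {
         $this->_access = array();
     }

     // Shortcut 2 (first half): nothing is stored locally for this item yet,
     // so pull the user's persisted auth cache into the component property
     // once, if caching is enabled.
     // NOTE(review): invalidation of _access / authCache after a role or
     // assignment change is not visible in this method; confirm it happens
     // elsewhere, otherwise a revoked permission can keep being served.
     if (empty($this->_access[$userId][$itemName]) && $this->caching
             && !isset($this->_access[$userId])) {
         $this->_access[$userId] = Yii::app()->authCache->loadAuthCache($userId);
     }

     // Shortcuts 1 and 2: return a stored decision, whether it was computed
     // earlier in this request or just loaded from the auth cache.
     if (!empty($this->_access[$userId][$itemName])) {
         $lookupParams = $this->getCacheParams($params);
         if ($lookupParams !== false) {
             $lookupKey = json_encode($lookupParams);
             // json_encode() returns false on failure. Used as an array key,
             // false is cast to 0, so every unencodable parameter set would
             // share one stored decision. Treat that case as a cache miss.
             if ($lookupKey !== false
                     && isset($this->_access[$userId][$itemName][$lookupKey])) {
                 return $this->_access[$userId][$itemName][$lookupKey];
             }
         }
     }

     if (!isset($this->_access[$userId])) {
         $this->_access[$userId] = array();
     }
     if (!isset($this->_access[$userId][$itemName])) {
         $this->_access[$userId][$itemName] = array();
     }

     // Get assignments via roles.
     //
     // In X2Engine's system, x2_auth_assignment doesn't refer to users, but
     // to roles. Hence, the ID of each role is sent to
     // parent::getAuthAssignments rather than a user ID, which would be
     // meaningless in light of how x2_auth_assignment stores roles.
     if (isset($this->_assignments[$userId])) {
         $assignments = $this->_assignments[$userId];
     } else {
         $assignments = array();
         foreach (Roles::getUserRoles($userId) as $roleId) {
             $assignments = array_merge($assignments, parent::getAuthAssignments($roleId));
         }
         $this->_assignments[$userId] = $assignments;
     }

     // Prepare the username for the session-agnostic permissions check.
     // _usernames is only populated here, not read; presumably business rules
     // or the parent class consume it -- confirm against callers.
     if (!isset($this->_usernames[$userId])) {
         // Loose comparison kept as in the original: IDs may arrive as
         // strings or integers -- TODO confirm before tightening to ===.
         if ($userId == Yii::app()->getSuId()) {
             $user = Yii::app()->getSuModel();
         } else {
             $user = User::model()->findByPk($userId);
         }
         // Anything that does not resolve to a User record is labelled Guest.
         $this->_usernames[$userId] = ($user instanceof User) ? $user->username : 'Guest';
     }

     // Get whether the user has access:
     $hasAccess = parent::checkAccessRecursive($itemName, $userId, $params, $assignments);

     // Store the decision, but only when the parameters are cacheable AND
     // yield a usable key. An unencodable parameter set is left uncached so
     // it is re-evaluated on every call instead of colliding with another
     // parameter set's stored decision.
     $cacheParams = $this->getCacheParams($params);
     if ($cacheParams !== false) {
         $cacheKey = json_encode($cacheParams);
         if ($cacheKey !== false) {
             $this->_access[$userId][$itemName][$cacheKey] = $hasAccess;
             if ($this->caching) {
                 Yii::app()->authCache->addResult($userId, $itemName, $hasAccess, $cacheParams);
             }
         }
     }
     return $hasAccess;
 }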