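/**
 * Convert a model, or a list of models, into a JSON string.
 *
 * The field definition of the first model is used for every model, and the
 * rights of all items are looked up with the project id of the first model,
 * so callers must pass models of one type that share a parent.
 *
 * @param Phprojekt_Model_Interface|array $models The model(s) to convert.
 * @param integer $order A Phprojekt_ModelInformation_Default::ORDERING_* const that
 *                       defines the ordering for the convert.
 *
 * @throws Exception If $models is empty, or if an element does not implement
 *                   Phprojekt_Model_Interface.
 *
 * @return string Data in JSON format.
 */
private static function _convertModel($models, $order = Phprojekt_ModelInformation_Default::ORDERING_DEFAULT)
{
    if (empty($models)) {
        throw new Exception('Called with empty value');
    }

    // TODO: Are we sure every model is of the same type and have the same
    // parent?
    if (!is_array($models)) {
        $models = array($models);
    }

    $information     = $models[0]->getInformation($order);
    $fieldDefinition = $information->getFieldDefinition($order);

    $datas   = array();
    $itemIds = array();
    foreach ($models as $model) {
        if (!$model instanceof Phprojekt_Model_Interface) {
            throw new Exception("A given model does not implement the\n model interface.");
        }

        $data       = array();
        $data['id'] = (int) $model->id;
        $itemIds[]  = $data['id'];

        foreach ($fieldDefinition as $field) {
            $key        = $field['key'];
            $value      = $model->{$key};
            $data[$key] = self::_convertModelValue($value, $field);
        }

        // Filled in below, and only for models that carry item rights.
        $data['rights'] = array();
        $datas[]        = $data;
    }

    $userId   = (int) Phprojekt_Auth_Proxy::getEffectiveUserId();
    $moduleId = Phprojekt_Module::getId($models[0]->getModelName());

    // Okay we got real models and stuff that pretends to be a model
    // so we try to guess if the model has rights that we can access
    if ($models[0] instanceof Phprojekt_Item_Abstract) {
        if ($models[0] instanceof Project_Models_Project) {
            $projectId = $models[0]->id;
        } else {
            $projectId = $models[0]->projectId;
        }

        // TODO: we still assume that the getModelName call works
        $rights = Phprojekt_Right::getRightsForItems($moduleId, $projectId, $userId, $itemIds);

        // We need the $index to modify the $datas elements instead of just copies.
        foreach ($datas as $index => $data) {
            $itemId = $datas[$index]['id'];

            // The lookup may return no entry for an item. Serialise that case
            // explicitly as Phprojekt_Acl::NONE instead of reading an undefined
            // offset and handing null to the bitmask conversion.
            $bitmask = isset($rights[$itemId]) ? $rights[$itemId] : Phprojekt_Acl::NONE;

            $datas[$index]['rights'][$userId] = Phprojekt_Acl::convertBitmaskToArray($bitmask);
        }
    }

    $data = array(
        'metadata' => $fieldDefinition,
        'data'     => $datas,
        'numRows'  => (int) count($datas),
    );

    return self::_makeJsonString($data);
}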
/**
 * Check whether a user holds the given right on this item.
 *
 * The rights lookup is skipped and true is returned when
 * Phprojekt_Auth::isAdminUser() reports an admin or when the item is new.
 *
 * NOTE(review): isAdminUser() is called without $userId, so this shortcut
 * cannot depend on the $userId argument. Confirm that callers only ask about
 * the user the admin check refers to.
 *
 * NOTE(review): the return type is mixed. A missing rights entry yields
 * Phprojekt_Acl::NONE rather than false; presumably NONE is falsy, so callers
 * should not compare the result strictly against false. TODO confirm.
 *
 * @param mixed $userId    User whose rights are looked up.
 * @param mixed $right     Right(s) to test; combined with the stored value by bitwise AND.
 * @param mixed $projectId Project to check against; null means $this->projectId.
 *
 * @return mixed True or false for the check, or Phprojekt_Acl::NONE when the
 *               lookup returned no entry for this item.
 */
public function hasRight($userId, $right, $projectId = null)
{
    // Admins and not-yet-saved items are allowed without consulting the rights.
    if (Phprojekt_Auth::isAdminUser()) {
        return true;
    }
    if ($this->isNew()) {
        return true;
    }

    if ($projectId === null) {
        $projectId = $this->projectId;
    }

    $itemId   = $this->id;
    $moduleId = Phprojekt_Module::getId($this->getModelName());
    $rights   = Phprojekt_Right::getRightsForItems($moduleId, $projectId, $userId, array($itemId));

    // No entry for this item: report "no rights".
    if (!isset($rights[$itemId])) {
        return Phprojekt_Acl::NONE;
    }

    // Every bit requested in $right must be present in the stored bitmask.
    $granted = $rights[$itemId] & $right;

    return $granted == $right;
}
/**
 * Delete the project nodes the user has no read access to.
 *
 * Admin users get the tree back untouched. For everyone else the rights of
 * all indexed project ids are fetched in one call and the tree is walked once.
 *
 * A node without its own rights entry reuses the value of the most recently
 * visited node that had one; before any entry is seen the value is
 * Phprojekt_Acl::ALL.
 * NOTE(review): that starting value keeps nodes by default. Confirm that the
 * iteration order visits a node carrying the governing rights entry before
 * the nodes that inherit from it.
 *
 * @param Phprojekt_Tree_Node_Database $object Tree class.
 *
 * @return Phprojekt_Tree_Node_Database The tree class with only the allowed nodes.
 */
public function applyRights(Phprojekt_Tree_Node_Database $object)
{
    if (Phprojekt_Auth::isAdminUser()) {
        return $object;
    }

    $projectIds = array_keys($object->_index);

    // The real user id is used here, not the effective one, to keep access
    // management simple: a user really needs read access to look at a project.
    // NOTE(review): the literal 1, 1 are presumably a module id and a project id;
    // verify against Phprojekt_Right::getRightsForItems.
    $userId = Phprojekt_Auth::getUserId();
    $rights = Phprojekt_Right::getRightsForItems(1, 1, $userId, $projectIds);

    $currentRight = Phprojekt_Acl::ALL;
    foreach ($object as $index => $node) {
        // Keep the previous value when this node has no entry of its own.
        if (isset($rights[$node->id])) {
            $currentRight = $rights[$node->id];
        }

        $readDenied = (Phprojekt_Acl::READ & $currentRight) <= 0;

        // deleteNode cannot update the iterator reference, so an already removed
        // node can still be visited; only delete while it is still in the index.
        if ($readDenied && isset($object->_index[$node->id])) {
            $object->deleteNode($object, $node->id);
        }
    }

    return $object;
}