/**
* get list of role memberships
*
* @param int $accountId
* @param string $type
* @return array of array with role ids
* @throws Tinebase_Exception_NotFound
*/
public function getRoleMemberships($accountId, $type = Tinebase_Acl_Rights::ACCOUNT_TYPE_USER)
{
if ($type === Tinebase_Acl_Rights::ACCOUNT_TYPE_USER) {
$accountId = Tinebase_Model_User::convertUserIdToInt($accountId);
$groupMemberships = Tinebase_Group::getInstance()->getGroupMemberships($accountId);
if (empty($groupMemberships)) {
throw new Tinebase_Exception_NotFound('Any account must belong to at least one group. The account with accountId ' . $accountId . ' does not belong to any group.');
}
$classCacheId = Tinebase_Helper::convertCacheId($accountId . implode('', $groupMemberships) . $type);
} else {
if ($type === Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP) {
$accountId = Tinebase_Model_Group::convertGroupIdToInt($accountId);
$classCacheId = Tinebase_Helper::convertCacheId($accountId . $type);
} else {
throw new Tinebase_Exception_InvalidArgument('Invalid type: ' . $type);
}
}
if (isset($this->_classCache[__FUNCTION__][$classCacheId])) {
return $this->_classCache[__FUNCTION__][$classCacheId];
}
$select = $this->_getDb()->select()->distinct()->from(array('role_accounts' => SQL_TABLE_PREFIX . 'role_accounts'), array('role_id'))->where($this->_getDb()->quoteInto($this->_getDb()->quoteIdentifier('account_id') . ' = ?', $accountId) . ' AND ' . $this->_getDb()->quoteInto($this->_getDb()->quoteIdentifier('account_type') . ' = ?', $type));
if ($type === Tinebase_Acl_Rights::ACCOUNT_TYPE_USER) {
$select->orwhere($this->_getDb()->quoteInto($this->_getDb()->quoteIdentifier('account_id') . ' IN (?)', $groupMemberships) . ' AND ' . $this->_getDb()->quoteInto($this->_getDb()->quoteIdentifier('account_type') . ' = ?', Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP));
}
$stmt = $this->_getDb()->query($select);
$memberships = $stmt->fetchAll(Zend_Db::FETCH_COLUMN);
$this->_classCache[__FUNCTION__][$classCacheId] = $memberships;
return $memberships;
}
/**
* try to convert id of group object and check if correct exceptions are thrown
*/
public function testConvertGroupIdToIntWithGroup()
{
$this->setExpectedException('Tinebase_Exception_InvalidArgument');
Tinebase_Model_Group::convertGroupIdToInt(new Tinebase_Model_Group(array('name' => 'tine20phpunit noid', 'description' => 'noid group')));
}
/**
* returns ldap metadata of given group
*
* @param int $_groupId
* @return array
*
* @todo remove obsolete code
*/
protected function _getGroupMetaData($_groupId)
{
$groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
$filter = Zend_Ldap_Filter::equals($this->_options['groupUUIDAttribute'], Zend_Ldap::filterEscape($groupId));
$result = $this->_ldap->search($filter, $this->_options['groupsDn'], Zend_Ldap::SEARCH_SCOPE_SUB, array('objectclass', 'sambasid'))->getFirst();
return $result;
/*
} catch (Tinebase_Exception_NotFound $e) {
throw new Exception("group with id $groupId not found");
}
*/
}
/**
* returns ldap metadata of given group
*
* @param int $_groupId
*/
protected function _getMetaData($_groupId)
{
$metaData = array();
try {
$groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
$group = $this->_ldap->fetch($this->_options['groupsDn'], 'objectGUID=' . $groupId, array('objectclass'));
$metaData['dn'] = $group['dn'];
$metaData['objectClass'] = $group['objectclass'];
unset($metaData['objectClass']['count']);
} catch (Tinebase_Exception_NotFound $e) {
throw new Exception("group with id {$groupId} not found");
}
//if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' $data: ' . print_r($metaData, true));
return $metaData;
}
/**
* returns ldap metadata of given group
*
* @param string $_groupId
* @return array
* @throws Tinebase_Exception_NotFound
*
* @todo remove obsolete code
*/
protected function _getMetaData($_groupId)
{
$groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
$filter = Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($groupId));
$result = $this->getLdap()->search($filter, $this->_options['groupsDn'], $this->_groupSearchScope, array('objectclass', 'objectsid'));
if (count($result) !== 1) {
throw new Tinebase_Exception_NotFound("Group with id {$_groupId} not found.");
}
$group = $result->getFirst();
return array('dn' => $group['dn'], 'objectclass' => $group['objectclass'], 'objectsid' => Tinebase_Ldap::decodeSid($group['objectsid'][0]));
}
/**
* get group by id
*
* @param string $_name
* @return Tinebase_Model_Group
* @throws Tinebase_Exception_Record_NotDefined
*/
public function getGroupById($_groupId)
{
$groupdId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
$result = $this->getGroupByPropertyFromSqlBackend('id', $groupdId);
return $result;
}
/**
* add grants to container
*
* @todo check that grant is not already given to container/type/accout combi
* @param int|Tinebase_Model_Container $_containerId
* @param int $_accountId
* @param array $_grants list of grants to add
* @return boolean
* @throws Tinebase_Exception_AccessDenied
*/
public function addGrants($_containerId, $_accountType, $_accountId, array $_grants, $_ignoreAcl = FALSE)
{
$containerId = Tinebase_Model_Container::convertContainerIdToInt($_containerId);
if ($_ignoreAcl !== TRUE and !$this->hasGrant(Tinebase_Core::getUser(), $_containerId, Tinebase_Model_Grants::GRANT_ADMIN)) {
throw new Tinebase_Exception_AccessDenied('Permission to manage grants on container denied.');
}
switch ($_accountType) {
case Tinebase_Acl_Rights::ACCOUNT_TYPE_USER:
$accountId = Tinebase_Model_User::convertUserIdToInt($_accountId);
break;
case Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP:
$accountId = Tinebase_Model_Group::convertGroupIdToInt($_accountId);
break;
case Tinebase_Acl_Rights::ACCOUNT_TYPE_ANYONE:
$accountId = '0';
break;
default:
throw new Tinebase_Exception_InvalidArgument('invalid $_accountType');
break;
}
$containerGrants = $this->getGrantsOfContainer($containerId, TRUE);
$containerGrants->addIndices(array('account_type', 'account_id'));
$existingGrants = $containerGrants->filter('account_type', $_accountType)->filter('account_id', $_accountId)->getFirstRecord();
$id = Tinebase_Record_Abstract::generateUID();
foreach ($_grants as $grant) {
if ($existingGrants === NULL || !$existingGrants->{$grant}) {
$data = array('id' => $id, 'container_id' => $containerId, 'account_type' => $_accountType, 'account_id' => $accountId, 'account_grant' => $grant);
$this->_getContainerAclTable()->insert($data);
}
}
$this->_setRecordMetaDataAndUpdate($containerId, 'update');
return true;
}
/**
* get group by id
*
* @param string $_name
* @return Tinebase_Model_Group
* @throws Tinebase_Exception_Record_NotDefined
*/
public function getGroupById($_groupId)
{
$groupdId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
$select = $this->_getSelect();
$select->where($this->_db->quoteIdentifier($this->_tableName . '.id') . ' = ?', $groupdId);
$stmt = $this->_db->query($select);
$queryResult = $stmt->fetch();
$stmt->closeCursor();
if (!$queryResult) {
throw new Tinebase_Exception_Record_NotDefined('Group not found.');
}
$result = new Tinebase_Model_Group($queryResult, TRUE);
return $result;
}
/**
* try to convert id of group object and check if correct exceptions are thrown
*/
public function testConvertGroupIdToIntWithGroup()
{
$this->setExpectedException('Tinebase_Exception_InvalidArgument');
Tinebase_Model_Group::convertGroupIdToInt($this->objects['noIdGroup']);
}
/**
* returns ldap metadata of given group
*
* @param string $_groupId
* @return array
* @throws Tinebase_Exception_NotFound
*
* @todo remove obsolete code
*/
protected function _getMetaData($_groupId)
{
$groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
$filter = Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, Zend_Ldap::filterEscape($groupId));
$result = $this->_ldap->search($filter, $this->_options['groupsDn'], $this->_groupSearchScope, array('objectclass'));
if (count($result) !== 1) {
throw new Tinebase_Exception_NotFound("Group with id {$_groupId} not found.");
}
return $result->getFirst();
}
