/** * Recursively builds tree permissions for the specified combination. * * @param integer $userId * @param array $userGroupIds * @param array $basePermissions Base permissions, coming from global or parent; [group][permission] => allow/unset/etc * @param array $permissionsGrouped List of all valid permissions, grouped * @param integer $parentId ID of the parent. * * @return array Final permissions (true/false), format: [id][permission] => value */ protected function _buildTreePermissions($userId, array $userGroupIds, array $basePermissions, array $permissionsGrouped, $parentId = 0) { if (!isset($this->_categoryTree[$parentId])) { return array(); } if (!isset($basePermissions['resource']['view'])) { if (isset($this->_globalPerms['resource']['view'])) { $basePermissions['resource']['view'] = $this->_globalPerms['resource']['view']; } else { $basePermissions['resource']['view'] = 'unset'; } } $basePermissions = $this->_adjustBasePermissionAllows($basePermissions); $finalPermissions = array(); foreach ($this->_categoryTree[$parentId] as $category) { $categoryId = $category['resource_category_id']; $groupEntries = $this->_getUserGroupPermissionEntries($categoryId, $userGroupIds); $userEntries = $this->_getUserPermissionEntries($categoryId, $userId); $categoryWideEntries = $this->_getCategoryWideEntries($categoryId); $categoryPermissions = $this->_permissionModel->buildPermissionCacheForCombination($permissionsGrouped, $categoryWideEntries, $groupEntries, $userEntries, $basePermissions, $passPermissions); if (!isset($categoryPermissions['resource']['view'])) { $categoryPermissions['resource']['view'] = 'unset'; } $finalCategoryPermissions = $this->_permissionModel->canonicalizePermissionCache($categoryPermissions['resource']); if (isset($finalCategoryPermissions['view']) && !$finalCategoryPermissions['view']) { // forcable deny viewing perms to children if this isn't viewable $passPermissions['resource']['view'] = 'deny'; } $finalPermissions[$categoryId] = $finalCategoryPermissions; $finalPermissions += $this->_buildTreePermissions($userId, $userGroupIds, $passPermissions, $permissionsGrouped, $categoryId); } return $finalPermissions; }
/** * Builds form permissions for the specified combination. * * @param integer $userId * @param array $userGroupIds * @param array $basePermissions Base permissions, coming from global or parent; [group][permission] => allow/unset/etc * @param array $permissionsGrouped List of all valid permissions, grouped * * @return array Final permissions (true/false), format: [form id][permission] => value */ protected function _buildFormPermissions($userId, array $userGroupIds, array $basePermissions, array $permissionsGrouped) { if (!isset($this->_forms)) { return array(); } /* if (!isset($basePermissions['form']['respondToForms'])) { if (isset($this->_globalPerms['form']['respondToForms'])) { $basePermissions['form']['respondToForms'] = $this->_globalPerms['form']['respondToForms']; } else { $basePermissions['form']['respondToForms'] = 'unset'; } } */ $basePermissions = $this->_adjustBasePermissionAllows($basePermissions); $finalPermissions = array(); foreach ($this->_forms as $form) { $formId = $form['form_id']; $groupEntries = $this->_getUserGroupFormEntries($formId, $userGroupIds); $userEntries = $this->_getUserFormEntries($formId, $userId); $formWideEntries = $this->_getFormWideEntries($formId); $formPermissions = $this->_permissionModel->buildPermissionCacheForCombination($permissionsGrouped, $formWideEntries, $groupEntries, $userEntries, $basePermissions); $finalFormPermissions = $this->_permissionModel->canonicalizePermissionCache($formPermissions['form']); $finalPermissions[$formId] = $finalFormPermissions; } return $finalPermissions; }
/** * Recursively builds node tree permissions for the specified combination. * Note that nodes will have permissions for all node types, but the final * permissions for a node *only* include that node's permissions. * * @param integer $userId * @param array $userGroupIds * @param array $basePermissions Base permissions, coming from global or parent; [group][permission] => allow/unset/etc * @param array $permissionsGrouped List of all valid permissions, grouped * @param integer $parentId ID of the parent node. * * @return array Final permissions (true/false), format: [node id][permission] => value */ protected function _buildNodeTreePermissions($userId, array $userGroupIds, array $basePermissions, array $permissionsGrouped, $parentId = 0) { if (!isset($this->_nodeTree[$parentId])) { return array(); } if (!isset($basePermissions['general']['viewNode'])) { if (isset($this->_globalPerms['general']['viewNode'])) { $basePermissions['general']['viewNode'] = $this->_globalPerms['general']['viewNode']; } else { $basePermissions['general']['viewNode'] = 'unset'; } } $basePermissions = $this->_adjustBasePermissionAllows($basePermissions); $finalPermissions = array(); foreach ($this->_nodeTree[$parentId] as $node) { if (!isset($this->_nodeTypes[$node['node_type_id']])) { continue; } $nodeType = $this->_nodeTypes[$node['node_type_id']]; $nodeId = $node['node_id']; $groupEntries = $this->_getUserGroupNodeEntries($nodeId, $userGroupIds); $userEntries = $this->_getUserNodeEntries($nodeId, $userId); $nodeWideEntries = $this->_getNodeWideEntries($nodeId); $nodePermissions = $this->_permissionModel->buildPermissionCacheForCombination($permissionsGrouped, $nodeWideEntries, $groupEntries, $userEntries, $basePermissions, $passPermissions); if (!isset($nodePermissions['general']['viewNode'])) { $nodePermissions['general']['viewNode'] = 'unset'; } if ($nodeType['permission_group_id']) { $nodePermissions[$nodeType['permission_group_id']]['view'] = $nodePermissions['general']['viewNode']; $finalNodePermissions = $this->_permissionModel->canonicalizePermissionCache($nodePermissions[$nodeType['permission_group_id']]); if (isset($finalNodePermissions['view']) && !$finalNodePermissions['view']) { // forcable deny viewing perms to children if this isn't viewable $passPermissions['general']['viewNode'] = 'deny'; } } else { $finalNodePermissions = array(); } $finalPermissions[$nodeId] = $finalNodePermissions; $finalPermissions += $this->_buildNodeTreePermissions($userId, $userGroupIds, $passPermissions, $permissionsGrouped, $nodeId); } return $finalPermissions; }